9bb1ffc5759cda1bf670be9acfe8626abfdb3b23b50504e4dfc00b609df2b7ad

Analysis

max time kernel
152s
max time network
178s
platform
windows10-2004_x64
resource
win10v2004-20230220-en
resource tags

arch:x64arch:x86image:win10v2004-20230220-enlocale:en-usos:windows10-2004-x64system
submitted
02-05-2023 03:36

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

MovaviVideoEditorPlusSetupC_Wa7t1ba_.exe
Size

1.9MB
MD5

1176914c8a8cfee425ba582c595065d6
SHA1

3f38397cd5e7aa69902badf6d7b9b935f5e822df
SHA256

9bb1ffc5759cda1bf670be9acfe8626abfdb3b23b50504e4dfc00b609df2b7ad
SHA512

e6597857c382b8e52f3080f75b442b3347abde1213c9b0ea53ffb8f6c42f14e4d138f46c1d116cb864f5808d33b916a633c0beef7db578599328d7474cf914f5
SSDEEP

49152:lvhlHWBwS6D7ddSNPHu0gbZs3HaGYLWEdZYgVbBr:RLHW2ZWH5gO3HXYLu2

Score

8^/10

bootkit discovery persistence

Malware Config

Signatures

Downloads MZ/PE file

Checks BIOS information in registry 2 TTPs 4 IoCs

BIOS information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

InstallerGUI.exeVideoEditor.exe

description	ioc	process
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	InstallerGUI.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	InstallerGUI.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\SystemBiosVersion	VideoEditor.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\VideoBiosVersion	VideoEditor.exe

Writes to the Master Boot Record (MBR) 1 TTPs 2 IoCs
Bootkits write to the MBR to gain persistence at a level below the operating system.
bootkit persistence

Bootkit
T1067

Processes:

InstallerGUI.exeVideoEditor.exe

description ioc process

File opened for modification \??\PhysicalDrive0 InstallerGUI.exe
File opened for modification \??\PhysicalDrive0 VideoEditor.exe

description	ioc	process
File opened for modification	\??\PhysicalDrive0	InstallerGUI.exe
File opened for modification	\??\PhysicalDrive0	VideoEditor.exe

Drops file in System32 directory 64 IoCs

Processes:

CodecChecker.exe

description	ioc	process
File opened for modification	C:\Windows\system32\symbols\dll\D3D11Core.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\dll\crypt32.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\WinTypes.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\FndAppLocations.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\FndProperty.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\dll\StreamReader.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\dll\D3D9Core.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\symbols\dll\libgcc_s_seh-1.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\UxTheme.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\combase.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\symbols\dll\MediaTypes.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\liblibass.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\mfdvdec.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\FndFilesystem.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\FFWrapper.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\dll\avutil.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\dll\Kernel.Appcore.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\symbols\dll\FndTime.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\dll\FiltersOnnxRT.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\dll\CoreIntExt.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\d3d11.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\symbols\dll\avfilter.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\symbols\dll\bcryptprimitives.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\glog.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\symbols\dll\FndDyLib.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\EncoderLossless.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\symbols\dll\msasn1.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\symbols\DLL\rtworkq.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\dll\boost_filesystem-mt-x64.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\symbols\dll\ole32.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\OglManager.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\dll\Qt5Core.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\bcryptprimitives.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\boost_filesystem-mt-x64.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\dll\boost_thread-mt-x64.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\dll\mpr.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\avresample.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\FiltersFF.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\FiltersSpeex.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\dll\EncoderLossless.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\dll\AMFManager.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\dll\bcryptprimitives.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\symbols\dll\ntdll.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\kernel32.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\kernelbase.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\dll\MediaTypes.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\symbols\dll\ProcInt.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\dll\FndFilesystem.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\symbols\dll\ws2_32.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\FndDyLib.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\DLL\WMADMOD.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\dll\WMVXENCD.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\dll\DecoderRAW.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\gdi32full.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\avcodec.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\symbols\dll\boost_thread-mt-x64.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\symbols\dll\libheif.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\symbols\dll\ParserCD.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\dll\ClientAPI.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\rpcrt4.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\dll\glew32.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\cryptbase.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\Effects.pdb	CodecChecker.exe
File opened for modification	C:\Windows\system32\FiltersOnnxRT.pdb	CodecChecker.exe

Checks installed software on the system 1 TTPs
Looks up Uninstall key entries in the registry to enumerate software on the system.
discovery

Query Registry
T1012

Drops file in Windows directory 64 IoCs

Processes:

CodecChecker.exe

description	ioc	process
File opened for modification	C:\Windows\dll\ConfInt.pdb	CodecChecker.exe
File opened for modification	C:\Windows\DLL\WMSPDMOD.pdb	CodecChecker.exe
File opened for modification	C:\Windows\dll\EncoderLossless.pdb	CodecChecker.exe
File opened for modification	C:\Windows\symbols\DLL\MFPLAT.pdb	CodecChecker.exe
File opened for modification	C:\Windows\FndOS.pdb	CodecChecker.exe
File opened for modification	C:\Windows\symbols\dll\ws2_32.pdb	CodecChecker.exe
File opened for modification	C:\Windows\symbols\dll\libgcc_s_seh-1.pdb	CodecChecker.exe
File opened for modification	C:\Windows\symbols\dll\Kernel.Appcore.pdb	CodecChecker.exe
File opened for modification	C:\Windows\Resize.pdb	CodecChecker.exe
File opened for modification	C:\Windows\dll\onnxruntime.pdb	CodecChecker.exe
File opened for modification	C:\Windows\dll\cryptsp.pdb	CodecChecker.exe
File opened for modification	C:\Windows\symbols\dll\Settings.pdb	CodecChecker.exe
File opened for modification	C:\Windows\dll\winhttp.pdb	CodecChecker.exe
File opened for modification	C:\Windows\symbols\dll\swscale.pdb	CodecChecker.exe
File opened for modification	C:\Windows\dll\msvcp140_1.amd64.pdb	CodecChecker.exe
File opened for modification	C:\Windows\EncodersFF.pdb	CodecChecker.exe
File opened for modification	C:\Windows\dll\cfgmgr32.pdb	CodecChecker.exe
File opened for modification	C:\Windows\dll\DecodersFF.pdb	CodecChecker.exe
File opened for modification	C:\Windows\UMPDC.pdb	CodecChecker.exe
File opened for modification	C:\Windows\dll\combase.pdb	CodecChecker.exe
File opened for modification	C:\Windows\EffectFactory.pdb	CodecChecker.exe
File opened for modification	C:\Windows\AnalyzerFactory.pdb	CodecChecker.exe
File opened for modification	C:\Windows\dll\libgcc_s_seh-1.pdb	CodecChecker.exe
File opened for modification	C:\Windows\imm32.pdb	CodecChecker.exe
File opened for modification	C:\Windows\dll\EffectsOnnxRT.pdb	CodecChecker.exe
File opened for modification	C:\Windows\symbols\dll\FndProperty.pdb	CodecChecker.exe
File opened for modification	C:\Windows\symbols\dll\msvcp140_1.amd64.pdb	CodecChecker.exe
File opened for modification	C:\Windows\DecoderGrid.pdb	CodecChecker.exe
File opened for modification	C:\Windows\DecoderMF.pdb	CodecChecker.exe
File opened for modification	C:\Windows\psapi.pdb	CodecChecker.exe
File opened for modification	C:\Windows\dll\AnalyzerVideoOpenCV.pdb	CodecChecker.exe
File opened for modification	C:\Windows\FilterFactory.pdb	CodecChecker.exe
File opened for modification	C:\Windows\FiltersOnnxRT.pdb	CodecChecker.exe
File opened for modification	C:\Windows\symbols\dll\AppXDeploymentClient.pdb	CodecChecker.exe
File opened for modification	C:\Windows\dll\UMPDC.pdb	CodecChecker.exe
File opened for modification	C:\Windows\symbols\dll\mfH264Enc.pdb	CodecChecker.exe
File opened for modification	C:\Windows\dll\AnalyzerAudio.pdb	CodecChecker.exe
File opened for modification	C:\Windows\dll\vcruntime140.amd64.pdb	CodecChecker.exe
File opened for modification	C:\Windows\symbols\dll\FndIO.pdb	CodecChecker.exe
File opened for modification	C:\Windows\swscale.pdb	CodecChecker.exe
File opened for modification	C:\Windows\dxgi.pdb	CodecChecker.exe
File opened for modification	C:\Windows\dll\CudaOGLInterop.pdb	CodecChecker.exe
File opened for modification	C:\Windows\NvidiaManager.pdb	CodecChecker.exe
File opened for modification	C:\Windows\symbols\dll\vcruntime140.amd64.pdb	CodecChecker.exe
File opened for modification	C:\Windows\opengl32.pdb	CodecChecker.exe
File opened for modification	C:\Windows\symbols\dll\FiltersOnnxRT.pdb	CodecChecker.exe
File opened for modification	C:\Windows\dll\MSAudDecMFT.pdb	CodecChecker.exe
File opened for modification	C:\Windows\symbols\dll\MuxerFactory.pdb	CodecChecker.exe
File opened for modification	C:\Windows\dll\libwinpthread-1.pdb	CodecChecker.exe
File opened for modification	C:\Windows\dll\concrt140.amd64.pdb	CodecChecker.exe
File opened for modification	C:\Windows\symbols\dll\FiltersSpeex.pdb	CodecChecker.exe
File opened for modification	C:\Windows\symbols\dll\libheif.pdb	CodecChecker.exe
File opened for modification	C:\Windows\dll\ParserRAW.pdb	CodecChecker.exe
File opened for modification	C:\Windows\dll\kernelbase.pdb	CodecChecker.exe
File opened for modification	C:\Windows\symbols\dll\FndOS.pdb	CodecChecker.exe
File opened for modification	C:\Windows\libwinpthread-1.pdb	CodecChecker.exe
File opened for modification	C:\Windows\dll\Filters.pdb	CodecChecker.exe
File opened for modification	C:\Windows\DLL\rtworkq.pdb	CodecChecker.exe
File opened for modification	C:\Windows\ParserHEIF.pdb	CodecChecker.exe
File opened for modification	C:\Windows\symbols\dll\bcrypt.pdb	CodecChecker.exe
File opened for modification	C:\Windows\dll\EffectsOgl.pdb	CodecChecker.exe
File opened for modification	C:\Windows\symbols\dll\DecoderNVDEC.pdb	CodecChecker.exe
File opened for modification	C:\Windows\WMADMOD.pdb	CodecChecker.exe
File opened for modification	C:\Windows\dll\CodecFactory.pdb	CodecChecker.exe

Executes dropped EXE 52 IoCs

Processes:

1824239629_Wa7t1ba_.exeInstallerGUI.execrashpad_handler.exeMovaviStatistics.exeMovaviStatistics.exePluginChecker.exePluginChecker.exeMovaviStatistics.exePluginChecker.exePluginChecker.exePluginChecker.exeMovaviStatistics.exePluginChecker.exePluginChecker.exePluginChecker.exePluginChecker.exePluginChecker.exePluginChecker.exePluginChecker.exePluginChecker.exePluginChecker.exePluginChecker.exePluginChecker.exePluginChecker.exePluginChecker.exePluginChecker.exePluginChecker.exePluginChecker.exePluginChecker.exePluginChecker.exePluginChecker.exePluginChecker.exePluginChecker.exePluginChecker.exePluginChecker.exePluginChecker.exePluginChecker.exePluginChecker.exeCodecChecker.exeCodecChecker.exeCodecChecker.exeCodecChecker.exeCodecChecker.exeCodecChecker.exeCodecChecker.exeMovaviStatistics.exeMovaviStatistics.exeVideoEditor.execrashpad_handler.exeMovaviStatistics.exeMovaviStatistics.exeVideoEditor.exe

pid	process
324	1824239629_Wa7t1ba_.exe
3016	InstallerGUI.exe
2688	crashpad_handler.exe
4464	MovaviStatistics.exe
3156	MovaviStatistics.exe
4500	PluginChecker.exe
1004	PluginChecker.exe
3944	MovaviStatistics.exe
4300	PluginChecker.exe
4248	PluginChecker.exe
3260	PluginChecker.exe
4812	MovaviStatistics.exe
4764	PluginChecker.exe
1172	PluginChecker.exe
4544	PluginChecker.exe
1656	PluginChecker.exe
2944	PluginChecker.exe
2592	PluginChecker.exe
3168	PluginChecker.exe
1676	PluginChecker.exe
2248	PluginChecker.exe
928	PluginChecker.exe
5108	PluginChecker.exe
2208	PluginChecker.exe
664	PluginChecker.exe
224	PluginChecker.exe
3408	PluginChecker.exe
112	PluginChecker.exe
2776	PluginChecker.exe
5044	PluginChecker.exe
2964	PluginChecker.exe
4028	PluginChecker.exe
2632	PluginChecker.exe
1160	PluginChecker.exe
2120	PluginChecker.exe
4988	PluginChecker.exe
1696	PluginChecker.exe
2440	PluginChecker.exe
4568	CodecChecker.exe
756	CodecChecker.exe
3968	CodecChecker.exe
5100	CodecChecker.exe
3748	CodecChecker.exe
2796	CodecChecker.exe
2792	CodecChecker.exe
4140	MovaviStatistics.exe
3020	MovaviStatistics.exe
1340	VideoEditor.exe
3536	crashpad_handler.exe
4780	MovaviStatistics.exe
2132	MovaviStatistics.exe
1656	VideoEditor.exe

Loads dropped DLL 64 IoCs

Processes:

InstallerGUI.exe

pid	process
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe
3016	InstallerGUI.exe

Enumerates physical storage devices 1 TTPs
Attempts to interact with connected storage/optical drive(s).

System Information Discovery
T1082

Checks processor information in registry 2 TTPs 4 IoCs

Processor information is often read in order to detect sandboxing environments.

Query Registry

T1012

System Information Discovery

T1082

Processes:

CodecChecker.exe

description	ioc	process
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0	CodecChecker.exe
Key value queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor\0\~MHz	CodecChecker.exe
Key opened	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	CodecChecker.exe
Key queried	\REGISTRY\MACHINE\HARDWARE\DESCRIPTION\System\CentralProcessor	CodecChecker.exe

Modifies registry class 64 IoCs

Processes:

InstallerGUI.exeVideoEditor.exeCodecChecker.exeCodecChecker.exeCodecChecker.exePluginChecker.exeCodecChecker.exeCodecChecker.exeCodecChecker.exe

description	ioc	process
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Movavi Video Editor 23.edit_openwith.mepb\shell\open	InstallerGUI.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\.mpack\ = "Movavi Video Editor 23.edit_openwith.mpack"	InstallerGUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{8634AD45-C0541800-65A7E535-21282A6-6C16DDB2}\jpWqYlXgUmspws`_femMfL = 34bb	VideoEditor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{8634AD45-C0541800-65A7E535-21282A6-6C16DDB2}\YvbpR`_^`jufz]lc_KWw = 35bb	VideoEditor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{8634AD45-C0541800-65A7E535-21282A6-6C16DDB2}\lC]thuXYVp_pcrVd_KWw = 35bb	VideoEditor.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1013461898-3711306144-4198452673-1000\{40FBE214-F124-4A3C-BE84-304B8C51D957}	CodecChecker.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Movavi Video Editor 23.edit_openwith.mepj\shell\open\command\	InstallerGUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\.mepj\	InstallerGUI.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\videoeditorplus\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\Movavi Video Editor 23\\MovaviLinkHelper.exe,0"	InstallerGUI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CcFWSettg.Category\CLSID\{C0937617-604C-9916-B043}\vnvfowhy = b414e68a229150664cb7d74aa61c8c9ac452d394	InstallerGUI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CcFWSettg.Category\CLSID\{961EE1CE-3381-7580-E2CB}\khxuuwnb = 04c8d2c0ca2540d1b400d8e87e110c51fcf466b8	InstallerGUI.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1013461898-3711306144-4198452673-1000\{509C1BCA-BD01-43F4-9552-8ADFC40752C7}	CodecChecker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Movavi Video Editor 23.edit_openwith.mpack\DefaultIcon\ = "C:\\Users\\Admin\\AppData\\Roaming\\Movavi Video Editor 23\\VideoEditor.exe,0"	InstallerGUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{8634AD45-C0541800-65A7E535-21282A6-6C16DDB2}\lC]thuXYVp_xpl[ovgZqx = 35bb	VideoEditor.exe
Key created	\REGISTRY\MACHINE\SOFTWARE\Classes\CcFWSettg.Category\CLSID\{C0937617-604C-9916-B043}	InstallerGUI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CcFWSettg.Category\CLSID\{862988D9-7D99-1E06-4CEA}\uumvmmux = 3c7f5a74d48991d8384960f320ad8f8c50a93bf5	InstallerGUI.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Movavi Video Editor 23.edit_openwith.mpack\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Movavi Video Editor 23\\VideoEditor.exe\" \"%1\""	InstallerGUI.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\videoeditorplus\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Movavi Video Editor 23\\MovaviLinkHelper.exe\" \"%1\""	InstallerGUI.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1013461898-3711306144-4198452673-1000\{64AC0966-1D76-436A-ACCB-21F9F8B87DC7}	InstallerGUI.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1013461898-3711306144-4198452673-1000\{3999756D-6F2F-41C6-8C1D-C6F37BB7B4D7}	CodecChecker.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Movavi Video Editor 23.edit_openwith.mpack\DefaultIcon	InstallerGUI.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\.mepj\ = "Movavi Video Editor 23.edit_openwith.mepj"	InstallerGUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\videoeditorplus\shell\open\command	InstallerGUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{8634AD45-C0541800-65A7E535-21282A6-6C16DDB2}\YvbpR`_^`jufz]lc_KWw = 34bb	VideoEditor.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1013461898-3711306144-4198452673-1000\{0DF95EF2-9D9C-4E2B-82E6-ADFC4C54D2F2}	PluginChecker.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Movavi Video Editor 23.edit_openwith.mepb\shell\open\command\	InstallerGUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Movavi Video Editor 23.edit_openwith.mepx\shell\open	InstallerGUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\.mpack\	InstallerGUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\videoeditorplus\DefaultIcon\	InstallerGUI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CcFWSettg.Category\CLSID\{862988D9-7D99-1E06-4CEA}\uumvmmux = bc80d94b066e259974b714c7262830cd187edae8	VideoEditor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{8634AD45-C0541800-65A7E535-21282A6-6C16DDB2}\jpWqYlXgUmspws`_k`C^`cfE = 34bb	VideoEditor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{8634AD45-C0541800-65A7E535-21282A6-6C16DDB2}\wrRGPcigrju_`sfH = 34bb	VideoEditor.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1013461898-3711306144-4198452673-1000\{E0A308AF-46BF-4AF9-B7F1-12D222FDA4DE}	CodecChecker.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Movavi Video Editor 23.edit_openwith.mepj\shell\open\command	InstallerGUI.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Movavi Video Editor 23.edit_openwith.mepx\shell\	InstallerGUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{8634AD45-C0541800-65A7E535-21282A6-6C16DDB2}\_mXCRgijqmdtaYVp_ppdtjXppgD = 35c9c243c8be3cc945c6c63c3ec9ccc2	VideoEditor.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1013461898-3711306144-4198452673-1000\{9CBDBBAB-95A9-48CF-9A9A-3B78276563EA}	CodecChecker.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1013461898-3711306144-4198452673-1000\{871BB2FA-B668-460D-8BA0-A65CA81CCEEC}	CodecChecker.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Movavi Video Editor 23.edit_openwith.mpack\shell\open	InstallerGUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{8634AD45-C0541800-65A7E535-21282A6-6C16DDB2}\wrRGPcigrju_`sfZWy = 35bb	VideoEditor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{8634AD45-C0541800-65A7E535-21282A6-6C16DDB2}\DMNFvvBZxPsDwLYZatn`o\btTsBH = 35bb	VideoEditor.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1013461898-3711306144-4198452673-1000\{7F6ACEC2-5235-45DD-B7D1-47CBE90C036A}	CodecChecker.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Movavi Video Editor 23.edit_openwith.mepj\DefaultIcon\	InstallerGUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Movavi Video Editor 23.edit_openwith.mepj\shell	InstallerGUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Movavi Video Editor 23.edit_openwith.mepx	InstallerGUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Movavi Video Editor 23.edit_openwith.mepx\shell\open\command\	InstallerGUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\videoeditorplus\shell	InstallerGUI.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1013461898-3711306144-4198452673-1000\{87DAA8C3-11D9-4A09-99A4-7E909D315D58}	InstallerGUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Movavi Video Editor 23.edit_openwith.mpack\DefaultIcon\	InstallerGUI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CcFWSettg.Category\CLSID\{862988D9-7D99-1E06-4CEA}\uumvmmux = bc7e5a7450bd2763d0270895e0b6e370a4ad1ef5	VideoEditor.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{8634AD45-C0541800-65A7E535-21282A6-6C16DDB2}\YvbpR`_^`jufz]lc_v = 93668ca3539b75aba66d6fae9f96a4627193b597b54f90607aa69a76a4b56f8f3a679cad55b15f96a2666d9aada5956f70a0ba969a55a6766f91	VideoEditor.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1013461898-3711306144-4198452673-1000\{4B2770B3-9000-43BA-937D-C590A1D7387B}	CodecChecker.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Movavi Video Editor 23.edit_openwith.mepx\DefaultIcon\	InstallerGUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Movavi Video Editor 23.edit_openwith.mepx\shell\	InstallerGUI.exe
Set value (data)	\REGISTRY\MACHINE\SOFTWARE\Classes\CcFWSettg.Category\CLSID\{961EE1CE-3381-7580-E2CB}\khxuuwnb = 34d33540a8bb3f5f38ffc76778d7bb9034c00dd8	InstallerGUI.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Movavi Video Editor 23.edit_openwith.mepj\shell\	InstallerGUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Movavi Video Editor 23.edit_openwith.mepx\shell	InstallerGUI.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Movavi Video Editor 23.edit_openwith.mpack	InstallerGUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{8634AD45-C0541800-65A7E535-21282A6-6C16DDB2}\tqOv_pmn`_kplsfH = 987096b552a058ad9175729faa9aa563	VideoEditor.exe
Key created	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\videoeditorplus\shell\open\command\	InstallerGUI.exe
Set value (data)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\CLSID\{8634AD45-C0541800-65A7E535-21282A6-6C16DDB2}\_p]CRgXtXurfqalc_KWw = 35bb	VideoEditor.exe
Key created	\REGISTRY\MACHINE\Software\Classes\Local Settings\Software\Microsoft\Windows\CurrentVersion\AppModel\Deployment\Package\*\S-1-5-21-1013461898-3711306144-4198452673-1000\{AA3CF066-D10F-4031-8479-2B98D97AB8FE}	CodecChecker.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\Movavi Video Editor 23.edit_openwith.mepx\shell\open\command\ = "\"C:\\Users\\Admin\\AppData\\Roaming\\Movavi Video Editor 23\\VideoEditor.exe\" \"%1\""	InstallerGUI.exe
Set value (str)	\REGISTRY\USER\S-1-5-21-1013461898-3711306144-4198452673-1000_Classes\.mepb\ = "Movavi Video Editor 23.edit_openwith.mepb"	InstallerGUI.exe

Suspicious behavior: AddClipboardFormatListener 3 IoCs

Processes:

InstallerGUI.exePluginChecker.exeVideoEditor.exe

pid process

3016 InstallerGUI.exe
4500 PluginChecker.exe
1340 VideoEditor.exe
Suspicious behavior: EnumeratesProcesses 6 IoCs

Processes:

InstallerGUI.exe

pid process

3016 InstallerGUI.exe
3016 InstallerGUI.exe
3016 InstallerGUI.exe
3016 InstallerGUI.exe
3016 InstallerGUI.exe
3016 InstallerGUI.exe

Suspicious use of SetWindowsHookEx 34 IoCs

Processes:

MovaviVideoEditorPlusSetupC_Wa7t1ba_.exeInstallerGUI.exeMovaviStatistics.exePluginChecker.exeMovaviStatistics.exeMovaviStatistics.exeMovaviStatistics.exeVideoEditor.exeMovaviStatistics.exeMovaviStatistics.exe

pid	process
840	MovaviVideoEditorPlusSetupC_Wa7t1ba_.exe
840	MovaviVideoEditorPlusSetupC_Wa7t1ba_.exe
840	MovaviVideoEditorPlusSetupC_Wa7t1ba_.exe
840	MovaviVideoEditorPlusSetupC_Wa7t1ba_.exe
840	MovaviVideoEditorPlusSetupC_Wa7t1ba_.exe
840	MovaviVideoEditorPlusSetupC_Wa7t1ba_.exe
840	MovaviVideoEditorPlusSetupC_Wa7t1ba_.exe
840	MovaviVideoEditorPlusSetupC_Wa7t1ba_.exe
840	MovaviVideoEditorPlusSetupC_Wa7t1ba_.exe
3016	InstallerGUI.exe
4464	MovaviStatistics.exe
4464	MovaviStatistics.exe
4500	PluginChecker.exe
4464	MovaviStatistics.exe
4500	PluginChecker.exe
4464	MovaviStatistics.exe
3944	MovaviStatistics.exe
3944	MovaviStatistics.exe
3944	MovaviStatistics.exe
4812	MovaviStatistics.exe
4812	MovaviStatistics.exe
4812	MovaviStatistics.exe
4812	MovaviStatistics.exe
4140	MovaviStatistics.exe
4140	MovaviStatistics.exe
4140	MovaviStatistics.exe
4140	MovaviStatistics.exe
1340	VideoEditor.exe
4780	MovaviStatistics.exe
4780	MovaviStatistics.exe
4780	MovaviStatistics.exe
2132	MovaviStatistics.exe
2132	MovaviStatistics.exe
2132	MovaviStatistics.exe

Suspicious use of WriteProcessMemory 64 IoCs

Processes:

MovaviVideoEditorPlusSetupC_Wa7t1ba_.exe1824239629_Wa7t1ba_.exeInstallerGUI.exe

description	pid	process	target process
PID 840 wrote to memory of 324	840	MovaviVideoEditorPlusSetupC_Wa7t1ba_.exe	1824239629_Wa7t1ba_.exe
PID 840 wrote to memory of 324	840	MovaviVideoEditorPlusSetupC_Wa7t1ba_.exe	1824239629_Wa7t1ba_.exe
PID 324 wrote to memory of 3016	324	1824239629_Wa7t1ba_.exe	InstallerGUI.exe
PID 324 wrote to memory of 3016	324	1824239629_Wa7t1ba_.exe	InstallerGUI.exe
PID 3016 wrote to memory of 2688	3016	InstallerGUI.exe	crashpad_handler.exe
PID 3016 wrote to memory of 2688	3016	InstallerGUI.exe	crashpad_handler.exe
PID 3016 wrote to memory of 4464	3016	InstallerGUI.exe	MovaviStatistics.exe
PID 3016 wrote to memory of 4464	3016	InstallerGUI.exe	MovaviStatistics.exe
PID 3016 wrote to memory of 3156	3016	InstallerGUI.exe	MovaviStatistics.exe
PID 3016 wrote to memory of 3156	3016	InstallerGUI.exe	MovaviStatistics.exe
PID 3016 wrote to memory of 4500	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 4500	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 1004	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 1004	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 3944	3016	InstallerGUI.exe	MovaviStatistics.exe
PID 3016 wrote to memory of 3944	3016	InstallerGUI.exe	MovaviStatistics.exe
PID 3016 wrote to memory of 4300	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 4300	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 4248	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 4248	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 3260	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 3260	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 4812	3016	InstallerGUI.exe	MovaviStatistics.exe
PID 3016 wrote to memory of 4812	3016	InstallerGUI.exe	MovaviStatistics.exe
PID 3016 wrote to memory of 4764	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 4764	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 1172	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 1172	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 4544	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 4544	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 1656	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 1656	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 2944	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 2944	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 2592	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 2592	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 3168	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 3168	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 1676	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 1676	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 2248	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 2248	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 928	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 928	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 5108	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 5108	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 2208	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 2208	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 664	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 664	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 224	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 224	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 3408	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 3408	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 112	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 112	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 2776	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 2776	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 5044	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 5044	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 2964	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 2964	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 4028	3016	InstallerGUI.exe	PluginChecker.exe
PID 3016 wrote to memory of 4028	3016	InstallerGUI.exe	PluginChecker.exe

C:\Users\Admin\AppData\Local\Temp\MovaviVideoEditorPlusSetupC_Wa7t1ba_.exe
"C:\Users\Admin\AppData\Local\Temp\MovaviVideoEditorPlusSetupC_Wa7t1ba_.exe"
1⤵
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:840

C:\Users\Admin\AppData\Local\Temp\MovaviWebInstaller-970024429\1824239629_Wa7t1ba_.exe
C:/Users/Admin/AppData/Local/Temp/MovaviWebInstaller-970024429/1824239629_Wa7t1ba_.exe /S /LOCALE=en_US /D=C:/Users/Admin/AppData/Roaming /WEBUID=a7t1ba /PREFERRED_BROWSER=chrome.exe
2⤵
- Executes dropped EXE
- Suspicious use of WriteProcessMemory
PID:324

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\InstallerGUI.exe
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\InstallerGUI.exe "--distrib-name=C:\Users\Admin\AppData\Local\Temp\MovaviWebInstaller-970024429\1824239629_Wa7t1ba_.exe" "/S" "/LOCALE=en_US" "/D=C:/Users/Admin/AppData/Roaming" "/WEBUID=a7t1ba" "/PREFERRED_BROWSER=chrome.exe"
3⤵
- Checks BIOS information in registry
- Writes to the Master Boot Record (MBR)
- Executes dropped EXE
- Loads dropped DLL
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious behavior: EnumeratesProcesses
- Suspicious use of SetWindowsHookEx
- Suspicious use of WriteProcessMemory
PID:3016

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\crashpad_handler.exe
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\crashpad_handler.exe --no-rate-limit --database=C:\Users\Admin\AppData\Local\Movavi\Sentry\videoeditorplus\23.3.0\installer\0.5.0 --metrics-dir=C:\Users\Admin\AppData\Local\Movavi\Sentry\videoeditorplus\23.3.0\installer\0.5.0 --url=https://o474997.ingest.sentry.io:443/api/4504371526893568/minidump/?sentry_client=sentry.native/0.5.0&sentry_key=be163ba9c8fc4472baedcce3cfb2b09b --attachment=C:\Users\Admin\AppData\Local\Movavi\Sentry\videoeditorplus\23.3.0\installer\0.5.0\dc1790eb-cde7-42af-aa3d-392f01a503d7.run\__sentry-event --attachment=C:\Users\Admin\AppData\Local\Movavi\Sentry\videoeditorplus\23.3.0\installer\0.5.0\dc1790eb-cde7-42af-aa3d-392f01a503d7.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\AppData\Local\Movavi\Sentry\videoeditorplus\23.3.0\installer\0.5.0\dc1790eb-cde7-42af-aa3d-392f01a503d7.run\__sentry-breadcrumb2 --initial-client-data=0x3a4,0x3a8,0x3ac,0x380,0x3b0,0x7ff9d9f01fe8,0x7ff9d9f02000,0x7ff9d9f02018
4⤵
- Executes dropped EXE
PID:2688

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\MovaviStatistics.exe
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\MovaviStatistics.exe a17701da2aa42d9fc36aebcc41083540 "Movavi Video Editor Plus" Movavi 23.3.0.0 DEFAULT 3162353164333834383337303238353035643836386562363865326330343338 fa1078ce9ffcb0574d9b857eaae74aefffffd81c https proxysss.movavi.com 0 80 "C:/Users/Admin/AppData/Local/Movavi/Movavi Video Editor 23/cache\a17701da2aa42d9fc36aebcc41083540\23.3.0.0"
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4464

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\MovaviStatistics.exe
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\MovaviStatistics.exe a17701da2aa42d9fc36aebcc41083540 "Movavi Video Editor Plus" Movavi 23.3.0.0 DEFAULT 3162353164333834383337303238353035643836386562363865326330343338 fa1078ce9ffcb0574d9b857eaae74aefffffd81c https proxysss.movavi.com 0 80 "C:/Users/Admin/AppData/Local/Movavi/Movavi Video Editor 23/cache\a17701da2aa42d9fc36aebcc41083540\23.3.0.0"
4⤵
- Executes dropped EXE
PID:3156

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe" OglManager OglManager
4⤵
- Executes dropped EXE
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:4500

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe" FiltersFF AlgorithmFactory
4⤵
- Executes dropped EXE
PID:1004

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\MovaviStatistics.exe
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\MovaviStatistics.exe a17701da2aa42d9fc36aebcc41083540 "Movavi Video Editor Plus" Movavi 23.3.0.0 DEFAULT 3162353164333834383337303238353035643836386562363865326330343338 fa1078ce9ffcb0574d9b857eaae74aefffffd81c https proxysss.movavi.com 0 80 "C:/Users/Admin/AppData/Local/Movavi/Movavi Video Editor 23/cache\a17701da2aa42d9fc36aebcc41083540\23.3.0.0"
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:3944

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe" DecodersFF CodecFactory
4⤵
- Executes dropped EXE
PID:4300

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe" EncodersFF CodecFactory
4⤵
- Executes dropped EXE
PID:4248

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe" EncoderLossless CodecFactory
4⤵
- Executes dropped EXE
PID:3260

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\MovaviStatistics.exe
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\MovaviStatistics.exe a17701da2aa42d9fc36aebcc41083540 "Movavi Video Editor Plus" Movavi 23.3.0.0 DEFAULT 3162353164333834383337303238353035643836386562363865326330343338 fa1078ce9ffcb0574d9b857eaae74aefffffd81c https proxysss.movavi.com 0 80 "C:/Users/Admin/AppData/Local/Movavi/Movavi Video Editor 23/cache\a17701da2aa42d9fc36aebcc41083540\23.3.0.0"
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4812

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe" EncoderNVENC CodecFactory
4⤵
- Executes dropped EXE
PID:4764

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe" DecoderNVDEC CodecFactory
4⤵
- Executes dropped EXE
PID:1172

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe" EncoderAMF CodecFactory
4⤵
- Executes dropped EXE
PID:4544

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe" EncoderIM CodecFactory
4⤵
- Executes dropped EXE
PID:1656

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe" DecoderMF CodecFactory
4⤵
- Executes dropped EXE
- Modifies registry class
PID:2944

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe" EncoderMF CodecFactory
4⤵
- Executes dropped EXE
PID:2592

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe" DecoderRAW CodecFactory
4⤵
- Executes dropped EXE
PID:3168

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe" Effects EffectFactory
4⤵
- Executes dropped EXE
PID:1676

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe" EffectsFF EffectFactory
4⤵
- Executes dropped EXE
PID:2248

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe" EffectsOgl EffectFactory
4⤵
- Executes dropped EXE
PID:928

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe" EffectsOnnxRT EffectFactory
4⤵
- Executes dropped EXE
PID:5108

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe" Filters FilterFactory
4⤵
- Executes dropped EXE
PID:2208

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe" FiltersFF FilterFactory
4⤵
- Executes dropped EXE
PID:664

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe" FiltersOgl FilterFactory
4⤵
- Executes dropped EXE
PID:224

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe" FiltersSpeex FilterFactory
4⤵
- Executes dropped EXE
PID:3408

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe" FiltersOnnxRT FilterFactory
4⤵
- Executes dropped EXE
PID:112

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe" AnalyzerAudio AnalyzerFactory
4⤵
- Executes dropped EXE
PID:2776

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe" AnalyzerVideoOpenCV AnalyzerFactory
4⤵
- Executes dropped EXE
PID:5044

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe" AnalyzerVideoOnnxRT AnalyzerFactory
4⤵
- Executes dropped EXE
PID:2964

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe" MuxerFF MuxerFactory
4⤵
- Executes dropped EXE
PID:4028

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe" MuxerHEIF MuxerFactory
4⤵
- Executes dropped EXE
PID:2632

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe" MuxerNetworkAPI MuxerFactory
4⤵
- Executes dropped EXE
PID:1160

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe" ParserFF ParserFactory
4⤵
- Executes dropped EXE
PID:2120

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe" ParserHEIF ParserFactory
4⤵
- Executes dropped EXE
PID:4988

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe" ParserRAW ParserFactory
4⤵
- Executes dropped EXE
PID:1696

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginChecker.exe" ParserCD ParserFactory
4⤵
- Executes dropped EXE
PID:2440

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\CodecChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\CodecChecker.exe" DECODER MEDIA_FOUNDATION_IMPL CODEC_ID_WMV3 ""
4⤵
- Executes dropped EXE
- Checks processor information in registry
- Modifies registry class
PID:5100

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\CodecChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\CodecChecker.exe" DECODER MEDIA_FOUNDATION_IMPL CODEC_ID_H264 ""
4⤵
- Executes dropped EXE
- Modifies registry class
PID:3968

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\CodecChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\CodecChecker.exe" DECODER MEDIA_FOUNDATION_IMPL CODEC_ID_AC3 ""
4⤵
- Executes dropped EXE
- Modifies registry class
PID:756

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\CodecChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\CodecChecker.exe" DECODER MEDIA_FOUNDATION_IMPL CODEC_ID_AAC ""
4⤵
- Executes dropped EXE
- Modifies registry class
PID:4568

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\CodecChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\CodecChecker.exe" ENCODER MEDIA_FOUNDATION_IMPL CODEC_ID_H264 ""
4⤵
- Drops file in System32 directory
- Drops file in Windows directory
- Executes dropped EXE
- Modifies registry class
PID:2792

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\CodecChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\CodecChecker.exe" ENCODER MEDIA_FOUNDATION_IMPL CODEC_ID_AC3 ""
4⤵
- Executes dropped EXE
- Modifies registry class
PID:2796

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\CodecChecker.exe
"C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\CodecChecker.exe" ENCODER MEDIA_FOUNDATION_IMPL CODEC_ID_AAC ""
4⤵
- Executes dropped EXE
PID:3748

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\MovaviStatistics.exe
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\MovaviStatistics.exe a17701da2aa42d9fc36aebcc41083540 "Movavi Video Editor Plus" Movavi 23.3.0.0 DEFAULT 3162353164333834383337303238353035643836386562363865326330343338 fa1078ce9ffcb0574d9b857eaae74aefffffd81c https proxysss.movavi.com 0 80 "C:/Users/Admin/AppData/Local/Movavi/Movavi Video Editor 23/cache\a17701da2aa42d9fc36aebcc41083540\23.3.0.0"
4⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4140

C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\MovaviStatistics.exe
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\MovaviStatistics.exe a17701da2aa42d9fc36aebcc41083540 "Movavi Video Editor Plus" Movavi 23.3.0.0 DEFAULT 3162353164333834383337303238353035643836386562363865326330343338 fa1078ce9ffcb0574d9b857eaae74aefffffd81c https proxysss.movavi.com 0 80 "C:/Users/Admin/AppData/Local/Movavi/Movavi Video Editor 23/cache\a17701da2aa42d9fc36aebcc41083540\23.3.0.0"
4⤵
- Executes dropped EXE
PID:3020

C:\Users\Admin\AppData\Roaming\Movavi Video Editor 23\VideoEditor.exe
"C:/Users/Admin/AppData/Roaming/Movavi Video Editor 23/VideoEditor.exe"
2⤵
- Checks BIOS information in registry
- Writes to the Master Boot Record (MBR)
- Executes dropped EXE
- Modifies registry class
- Suspicious behavior: AddClipboardFormatListener
- Suspicious use of SetWindowsHookEx
PID:1340

C:\Users\Admin\AppData\Roaming\Movavi Video Editor 23\crashpad_handler.exe
"C:\Users\Admin\AppData\Roaming\Movavi Video Editor 23\crashpad_handler.exe" --no-rate-limit --database=C:\Users\Admin\AppData\Local\Movavi\Sentry\videoeditorplus\23.3.0\0.5.0 --metrics-dir=C:\Users\Admin\AppData\Local\Movavi\Sentry\videoeditorplus\23.3.0\0.5.0 --url=https://o474997.ingest.sentry.io:443/api/6722881/minidump/?sentry_client=sentry.native/0.5.0&sentry_key=0585fa203d284c9a87e12483e31f4391 --attachment=C:\Users\Admin\AppData\Local\Movavi\Sentry\videoeditorplus\23.3.0\0.5.0\0b2fff82-96e2-4d1d-f46f-d53d8fef379f.run\__sentry-event --attachment=C:\Users\Admin\AppData\Local\Movavi\Sentry\videoeditorplus\23.3.0\0.5.0\0b2fff82-96e2-4d1d-f46f-d53d8fef379f.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\AppData\Local\Movavi\Sentry\videoeditorplus\23.3.0\0.5.0\0b2fff82-96e2-4d1d-f46f-d53d8fef379f.run\__sentry-breadcrumb2 --initial-client-data=0x3c8,0x3cc,0x3d0,0x3a4,0x3d4,0x7ff9cb371fe8,0x7ff9cb372000,0x7ff9cb372018
3⤵
- Executes dropped EXE
PID:3536

C:\Users\Admin\AppData\Roaming\Movavi Video Editor 23\MovaviStatistics.exe
"C:\Users\Admin\AppData\Roaming\Movavi Video Editor 23\MovaviStatistics.exe" a17701da2aa42d9fc36aebcc41083540 "Movavi Video Editor Plus" Movavi 23.3.0.0 DEFAULT 3162353164333834383337303238353035643836386562363865326330343338 fa1078ce9ffcb0574d9b857eaae74aefffffd81c https proxysss.movavi.com 0 80 "C:/Users/Admin/AppData/Local/Movavi/Video Editor/cache\a17701da2aa42d9fc36aebcc41083540\23.3.0.0"
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:4780

C:\Users\Admin\AppData\Roaming\Movavi Video Editor 23\MovaviStatistics.exe
"C:\Users\Admin\AppData\Roaming\Movavi Video Editor 23\MovaviStatistics.exe" a17701da2aa42d9fc36aebcc41083540 "Movavi Video Editor Plus" Movavi 23.3.0.0 DEFAULT 3162353164333834383337303238353035643836386562363865326330343338 fa1078ce9ffcb0574d9b857eaae74aefffffd81c https proxysss.movavi.com 0 80 "C:/Users/Admin/AppData/Local/Movavi/Video Editor/cache\a17701da2aa42d9fc36aebcc41083540\23.3.0.0"
3⤵
- Executes dropped EXE
- Suspicious use of SetWindowsHookEx
PID:2132

C:\Users\Admin\AppData\Roaming\Movavi Video Editor 23\VideoEditor.exe
"C:\Users\Admin\AppData\Roaming\Movavi Video Editor 23\VideoEditor.exe"
1⤵
- Executes dropped EXE
PID:1656

C:\Users\Admin\AppData\Roaming\Movavi Video Editor 23\crashpad_handler.exe
"C:\Users\Admin\AppData\Roaming\Movavi Video Editor 23\crashpad_handler.exe" --no-rate-limit --database=C:\Users\Admin\AppData\Local\Movavi\Sentry\videoeditorplus\23.3.0\0.5.0 --metrics-dir=C:\Users\Admin\AppData\Local\Movavi\Sentry\videoeditorplus\23.3.0\0.5.0 --url=https://o474997.ingest.sentry.io:443/api/6722881/minidump/?sentry_client=sentry.native/0.5.0&sentry_key=0585fa203d284c9a87e12483e31f4391 --attachment=C:\Users\Admin\AppData\Local\Movavi\Sentry\videoeditorplus\23.3.0\0.5.0\68992fe9-e4ca-41cd-0ddf-83b74a4677c3.run\__sentry-event --attachment=C:\Users\Admin\AppData\Local\Movavi\Sentry\videoeditorplus\23.3.0\0.5.0\68992fe9-e4ca-41cd-0ddf-83b74a4677c3.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\AppData\Local\Movavi\Sentry\videoeditorplus\23.3.0\0.5.0\68992fe9-e4ca-41cd-0ddf-83b74a4677c3.run\__sentry-breadcrumb2 --initial-client-data=0x3cc,0x3d0,0x3d4,0x3a4,0x3d8,0x7ff9cb3f1fe8,0x7ff9cb3f2000,0x7ff9cb3f2018
2⤵
PID:3048

C:\Users\Admin\AppData\Roaming\Movavi Video Editor 23\MovaviStatistics.exe
"C:\Users\Admin\AppData\Roaming\Movavi Video Editor 23\MovaviStatistics.exe" a17701da2aa42d9fc36aebcc41083540 "Movavi Video Editor Plus" Movavi 23.3.0.0 DEFAULT 3162353164333834383337303238353035643836386562363865326330343338 fa1078ce9ffcb0574d9b857eaae74aefffffd81c https proxysss.movavi.com 0 80 "C:/Users/Admin/AppData/Local/Movavi/Video Editor/cache\a17701da2aa42d9fc36aebcc41083540\23.3.0.0"
2⤵
PID:4948

C:\Users\Admin\AppData\Roaming\Movavi Video Editor 23\MovaviStatistics.exe
"C:\Users\Admin\AppData\Roaming\Movavi Video Editor 23\MovaviStatistics.exe" a17701da2aa42d9fc36aebcc41083540 "Movavi Video Editor Plus" Movavi 23.3.0.0 DEFAULT 3162353164333834383337303238353035643836386562363865326330343338 fa1078ce9ffcb0574d9b857eaae74aefffffd81c https proxysss.movavi.com 0 80 "C:/Users/Admin/AppData/Local/Movavi/Video Editor/cache\a17701da2aa42d9fc36aebcc41083540\23.3.0.0"
2⤵
PID:4264

C:\Users\Admin\AppData\Roaming\Movavi Video Editor 23\VideoEditor.exe
"C:\Users\Admin\AppData\Roaming\Movavi Video Editor 23\VideoEditor.exe"
1⤵
PID:1968

C:\Users\Admin\AppData\Roaming\Movavi Video Editor 23\crashpad_handler.exe
"C:\Users\Admin\AppData\Roaming\Movavi Video Editor 23\crashpad_handler.exe" --no-rate-limit --database=C:\Users\Admin\AppData\Local\Movavi\Sentry\videoeditorplus\23.3.0\0.5.0 --metrics-dir=C:\Users\Admin\AppData\Local\Movavi\Sentry\videoeditorplus\23.3.0\0.5.0 --url=https://o474997.ingest.sentry.io:443/api/6722881/minidump/?sentry_client=sentry.native/0.5.0&sentry_key=0585fa203d284c9a87e12483e31f4391 --attachment=C:\Users\Admin\AppData\Local\Movavi\Sentry\videoeditorplus\23.3.0\0.5.0\725ec12b-8938-4229-d717-70e0b353208b.run\__sentry-event --attachment=C:\Users\Admin\AppData\Local\Movavi\Sentry\videoeditorplus\23.3.0\0.5.0\725ec12b-8938-4229-d717-70e0b353208b.run\__sentry-breadcrumb1 --attachment=C:\Users\Admin\AppData\Local\Movavi\Sentry\videoeditorplus\23.3.0\0.5.0\725ec12b-8938-4229-d717-70e0b353208b.run\__sentry-breadcrumb2 --initial-client-data=0x3bc,0x3c0,0x3c4,0x398,0x3c8,0x7ff9caf81fe8,0x7ff9caf82000,0x7ff9caf82018
2⤵
PID:4996

C:\Users\Admin\AppData\Roaming\Movavi Video Editor 23\MovaviStatistics.exe
"C:\Users\Admin\AppData\Roaming\Movavi Video Editor 23\MovaviStatistics.exe" a17701da2aa42d9fc36aebcc41083540 "Movavi Video Editor Plus" Movavi 23.3.0.0 DEFAULT 3162353164333834383337303238353035643836386562363865326330343338 fa1078ce9ffcb0574d9b857eaae74aefffffd81c https proxysss.movavi.com 0 80 "C:/Users/Admin/AppData/Local/Movavi/Video Editor/cache\a17701da2aa42d9fc36aebcc41083540\23.3.0.0"
2⤵
PID:1472

Network

MITRE ATT&CK Matrix ATT&CK v6

Initial Access

Execution

Persistence

Bootkit

T1067

Privilege Escalation

Defense Evasion

Credential Access

Discovery

Query Registry

T1012

System Information Discovery

T1082

Lateral Movement

Collection

Exfiltration

Command and Control

Impact

Replay Monitor

Loading Replay Monitor...

Downloads

C:\Users\Admin\AppData\Local\Movavi\Sentry\videoeditorplus\23.3.0\0.5.0\0b2fff82-96e2-4d1d-f46f-d53d8fef379f.run\__sentry-breadcrumb1
Filesize
1KB

MD5
e751ce0fdb10f809509dd66571feacc5

SHA1
f62de8df5c2d53034ea764090df46ca25568059b

SHA256
1e818748d50bf99ccb0e9dc188aa987ef1b62652f775fdd41fdc44b5e0bef502

SHA512
be0c61c638bca81a3610ef0775a65f6ae4c89e62e072fe118fb8ec9d2db92eefd47305ba564172601b3b85a1e636355ba741af8090990410681db253b584090d

Download Submit
C:\Users\Admin\AppData\Local\Movavi\Sentry\videoeditorplus\23.3.0\0.5.0\0b2fff82-96e2-4d1d-f46f-d53d8fef379f.run\__sentry-breadcrumb1
Filesize
4KB

MD5
4df0c6663d86ad51f7915b760dad7751

SHA1
5a7335daa376f849a30d4340636d75cd70932c3a

SHA256
d6a6bff8a4c26e1d1a712029f1c8b07b60944e44cbaf74c64231646d676b0664

SHA512
d1d44bb014687c7e96659e7b927cea06485ed4cd40ac2c611c9e6c5224adb5ed805dc738784db62567a6a50a98e9c631b92f35e145e9bbb22a880f684cd58ba3

Download Submit
C:\Users\Admin\AppData\Local\Movavi\Sentry\videoeditorplus\23.3.0\0.5.0\0b2fff82-96e2-4d1d-f46f-d53d8fef379f.run\__sentry-event
Filesize
471B

MD5
901f51114291db22af84f21c19e8adf8

SHA1
cfd0dacd597bbdd161845b66d65f28f00c083f88

SHA256
7c501894b24f79a39bc98901787cb99750b28b994e243851f8d5c51ccebd585b

SHA512
9db1deee267a239fa0da9c9e4ddb8b14d26deed6ad9fd39a3139bcf7d8ec4456f4c30eb14afd8c5c2030807570a7b0036e5f1e0e0354389415015c61485a40fe

Download Submit
C:\Users\Admin\AppData\Local\Movavi\Sentry\videoeditorplus\23.3.0\0.5.0\68992fe9-e4ca-41cd-0ddf-83b74a4677c3.run\__sentry-breadcrumb1
Filesize
4KB

MD5
1a79ae7c3060206f5b51e42c0e409abd

SHA1
576653770af65c89e98c3c521935d97c2a09843f

SHA256
7d0728820639480005c4bd35a5520e1a1d18db2aecc1ddc822b939c5b98a9906

SHA512
295f2c5473f78c9073099d3db5ba741ed0acdbfce80d552ae4dced91b06590aebdd54b8fac831137587b2019288e0685d7bf7040fc18c87cd86e2fa2158fe51e

Download Submit
C:\Users\Admin\AppData\Local\Movavi\Sentry\videoeditorplus\23.3.0\0.5.0\725ec12b-8938-4229-d717-70e0b353208b.run\__sentry-breadcrumb1
Filesize
2KB

MD5
c4939de06a09ce0b4ba06a2d7f13578d

SHA1
6dfb385394b67ab79870ecd2a515cea1b8ae365e

SHA256
47c0b812b93939dc3f7e1fd2b36ff81501566c3e4a46ecd833d09ea87af3d1a3

SHA512
41eb6c6527bb0da5b59b86ee9b3b2ef440022b1dfa2658c4a80df7cfdaeabeb09a3654a9fb720a171b2c1750ba308fd0570ffec7a8752f0e16bcd5c59b55de70

Download Submit
C:\Users\Admin\AppData\Local\Movavi\Sentry\videoeditorplus\23.3.0\0.5.0\settings.dat
Filesize
40B

MD5
f254691b378777686fd31cc6d1d6f288

SHA1
e41ba6cba802800a567cf90e0ba169cca7020a9a

SHA256
5924414a6b01c413a575e04d3f3c06336e806d9156cb84f911f21ecf51f667b5

SHA512
ed3e2c00f4419ad61c00d7e4775c56caf25cdbabe0a2b44823c56aa1bbaf9b79707c44786e1390515b8721986c3d1462ff69b7e153f6ec21b407869c3952fb65

Download Submit
C:\Users\Admin\AppData\Local\Movavi\Sentry\videoeditorplus\23.3.0\installer\0.5.0\dc1790eb-cde7-42af-aa3d-392f01a503d7.run\__sentry-breadcrumb1
Filesize
15KB

MD5
6f28cb4b168700aaea8e5a619539c2e9

SHA1
18d78854ed1544549c9753729c3f73964f1584fc

SHA256
1e7996a0119833ba95f0f725bd549e27b5282098f96d94b27ce919fe64adaa64

SHA512
7493173b3500e6e1d7b412c68196f9f3620fc4cc31ffc30d07f9d538d932479d142ca295ffabef54fdc2d2d50923c2f1008b2faed6ed607f9b78b1147b0121f9

Download Submit
C:\Users\Admin\AppData\Local\Movavi\Sentry\videoeditorplus\23.3.0\installer\0.5.0\dc1790eb-cde7-42af-aa3d-392f01a503d7.run\__sentry-breadcrumb1
Filesize
1KB

MD5
cdf4064b9c8ff7abca6165b348c8cb85

SHA1
90e9551840d9beb8df941f70895422900268d898

SHA256
3851ec0e79d19fcf7e577dc09782e60366b538148895fe0a1792f3cdb2ca1352

SHA512
339d8d96beec1d9ec9a0c1470a45c8ade51f0ca0bd880663846219fad021e1042d9ad70cbc5ae805ac4c37abf8b9503575e0f2a84cff2d0afba5051e9ca02d8d

Download Submit
C:\Users\Admin\AppData\Local\Movavi\Sentry\videoeditorplus\23.3.0\installer\0.5.0\dc1790eb-cde7-42af-aa3d-392f01a503d7.run\__sentry-breadcrumb2
Filesize
8KB

MD5
d9dbe7bd5f6c7e4d514762898938f20a

SHA1
c39b96bbf624e3440b122b7d43efab3749ec1229

SHA256
b87292e2bf0a56f87b3d7cd8f9b52329de977b49298268012dff62f8d7a10518

SHA512
6d564f041892add231cfb27f8231ca52f538b16796b2957293743ff13704073f8cde165131796029411daf196ff5f6381ef2ea3c6598800aecdb6289752cdfad

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\AppActivation.dll
Filesize
874KB

MD5
e655fcbf1f08c2f8ec6f00bdb3e988c5

SHA1
865e70645711724ff6e3bb0fa126825fac09c6bb

SHA256
45aeda2afb110094ed78f99e99d8e04907b17cdc9d86392178a4a8e4400fbf23

SHA512
5e3e316074796014c7690889ee07ec68aff94958f091831e9982b9aaa1da552dad8cd5d2036fcf0b9b2e1aade382b0220712df0a6bfbc82d218600c2f6a508dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\AppActivation.dll
Filesize
874KB

MD5
e655fcbf1f08c2f8ec6f00bdb3e988c5

SHA1
865e70645711724ff6e3bb0fa126825fac09c6bb

SHA256
45aeda2afb110094ed78f99e99d8e04907b17cdc9d86392178a4a8e4400fbf23

SHA512
5e3e316074796014c7690889ee07ec68aff94958f091831e9982b9aaa1da552dad8cd5d2036fcf0b9b2e1aade382b0220712df0a6bfbc82d218600c2f6a508dd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\Application.dll
Filesize
2.9MB

MD5
8f83173b2858fd5d3a43e38068a1058f

SHA1
edaa7c73fb42d1fa2113de55653e285df0459186

SHA256
fc37de4275637309dee75543d2d573cc8632e10b95a39f56afa7053f920992cb

SHA512
f0c6b4a4dd15d38cc446a7db739b85e629f11998f63c4e98e8d09bdf06a34a171ab7b6c6b8837484c0f394c93107ffc003ce34bd28280fd0aaa4b6ffed7a32c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\Application.dll
Filesize
2.9MB

MD5
8f83173b2858fd5d3a43e38068a1058f

SHA1
edaa7c73fb42d1fa2113de55653e285df0459186

SHA256
fc37de4275637309dee75543d2d573cc8632e10b95a39f56afa7053f920992cb

SHA512
f0c6b4a4dd15d38cc446a7db739b85e629f11998f63c4e98e8d09bdf06a34a171ab7b6c6b8837484c0f394c93107ffc003ce34bd28280fd0aaa4b6ffed7a32c6

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\ApplicationRegistry.dll
Filesize
318KB

MD5
afb315a622c51c34b614fbd30c6ab3ce

SHA1
830eb68d6c8ddcfd0e77b4d16c85099582f5e3d9

SHA256
9a1e0d1f18a0eed99045aad0074f7b21abe37b6175db7a26bd2efb31b6ae52d2

SHA512
76675060f2ba88951ee8c4eea50f9c02875c2b050aa648dd675a4d512345dbce975f291049eb06696ac1c510d1b2c2b964be3edfb89f91a7864a2be7065b6fc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\ApplicationRegistry.dll
Filesize
318KB

MD5
afb315a622c51c34b614fbd30c6ab3ce

SHA1
830eb68d6c8ddcfd0e77b4d16c85099582f5e3d9

SHA256
9a1e0d1f18a0eed99045aad0074f7b21abe37b6175db7a26bd2efb31b6ae52d2

SHA512
76675060f2ba88951ee8c4eea50f9c02875c2b050aa648dd675a4d512345dbce975f291049eb06696ac1c510d1b2c2b964be3edfb89f91a7864a2be7065b6fc1

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\CodecCheckFun.dll
Filesize
152KB

MD5
f2d7aacb85374ae93d3d501e29758d1d

SHA1
7dc122856902af961ea52e74e59a8881aac7a052

SHA256
382961242131e0b92788a339c6ebb610daefcea961d191106af39685536fa645

SHA512
32cd66aa21ac4b3becbbeda06e82acf86653b9a2e0aab1d67cc0e68427388a4532fac793a0389c544461c51d483aefd8f1da5a6ddac89d7aa2ed6f54226ed6ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\CrashHandlerInitializer.dll
Filesize
31KB

MD5
e1fe130b0636a255bcaa4844c6ed0ff5

SHA1
3fb3dd877ed186d8519cf8576f12713cf1e5beac

SHA256
aa9ae51ccaf0f3541c52e7467b79125d7eaa241ff801c39c32c898ee38f9e4da

SHA512
54fbb1aab0d468010dfea04fa94a1ed0180f72d3fbcadfaa6de7f588fb745600a70226484d8fbd2b6ec7c30c5482f5924b75e444465dd93c5982ad3e2588fc6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\CrashHandlerInitializer.dll
Filesize
31KB

MD5
e1fe130b0636a255bcaa4844c6ed0ff5

SHA1
3fb3dd877ed186d8519cf8576f12713cf1e5beac

SHA256
aa9ae51ccaf0f3541c52e7467b79125d7eaa241ff801c39c32c898ee38f9e4da

SHA512
54fbb1aab0d468010dfea04fa94a1ed0180f72d3fbcadfaa6de7f588fb745600a70226484d8fbd2b6ec7c30c5482f5924b75e444465dd93c5982ad3e2588fc6c

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\FndAppLocations.dll
Filesize
39KB

MD5
dc0ec7778b96ec91fe68ad7feb558190

SHA1
74beb549d5751a70dedb4ebce3cc6c98ba6e6bf2

SHA256
a3d99f4a54c22a24c9963d3ed7672a307ccc8fe320faed1a2b79f4a043395765

SHA512
e385f411fd33976d8203c0b24a2b16ed0a2b72bca8d7e20a0b968f425ff38a48e4763bb1de904a7bb42da8621f87fa43325186de23cd49d66272f82a7bc66a93

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\FndAppLocations.dll
Filesize
39KB

MD5
dc0ec7778b96ec91fe68ad7feb558190

SHA1
74beb549d5751a70dedb4ebce3cc6c98ba6e6bf2

SHA256
a3d99f4a54c22a24c9963d3ed7672a307ccc8fe320faed1a2b79f4a043395765

SHA512
e385f411fd33976d8203c0b24a2b16ed0a2b72bca8d7e20a0b968f425ff38a48e4763bb1de904a7bb42da8621f87fa43325186de23cd49d66272f82a7bc66a93

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\FndCrashHandler.dll
Filesize
486KB

MD5
56be485ce1ea20c3a42d5ba9751e941a

SHA1
2f58b8be604d2d1f22e58da0090ed22b13862ed9

SHA256
a5b2419a7eae92053c1c42948f305438ca5088bd1f528d79bf632b70cdbc7feb

SHA512
94a2b0fe36176b621ea0e462a7a2902cc8abe0c959babd677eff2e9269ea6608be22a6a8b9b7c6eaec8b3119e4cfb9636275d61f4f3ecdcfe7968ba5695985d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\FndCrashHandler.dll
Filesize
486KB

MD5
56be485ce1ea20c3a42d5ba9751e941a

SHA1
2f58b8be604d2d1f22e58da0090ed22b13862ed9

SHA256
a5b2419a7eae92053c1c42948f305438ca5088bd1f528d79bf632b70cdbc7feb

SHA512
94a2b0fe36176b621ea0e462a7a2902cc8abe0c959babd677eff2e9269ea6608be22a6a8b9b7c6eaec8b3119e4cfb9636275d61f4f3ecdcfe7968ba5695985d2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\FndDyLib.dll
Filesize
106KB

MD5
5f4f89e3966b83347130b866854f4ed7

SHA1
fa97728669b45d59f05f041c7ced11b7e795e2c9

SHA256
2fe44d0089012afb2c2a008830b9160f504a1441e8cc4a17a1c90d3c271e24c6

SHA512
70f52cdc60c36db8db6d80f9fba9078f66bada5629fcaf24393f89104d5c10ed159cb9472fc949a1d52654dc42f5bd008a46bceb36778d78e341da2819c6f4a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\FndDyLib.dll
Filesize
106KB

MD5
5f4f89e3966b83347130b866854f4ed7

SHA1
fa97728669b45d59f05f041c7ced11b7e795e2c9

SHA256
2fe44d0089012afb2c2a008830b9160f504a1441e8cc4a17a1c90d3c271e24c6

SHA512
70f52cdc60c36db8db6d80f9fba9078f66bada5629fcaf24393f89104d5c10ed159cb9472fc949a1d52654dc42f5bd008a46bceb36778d78e341da2819c6f4a5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\FndException.dll
Filesize
112KB

MD5
067de09d4b2933fd66a9d74a6d3f1aee

SHA1
2899659a32422da64e8dfc60817ead996c61e59a

SHA256
dddeb18487194ac2d2d1e5e591978b4d9f6d734d58bfc645e0bdad75ddcf6509

SHA512
98875eed15ddbd36ed3c176b4b99d59311c7010d70d9a3db9bb63e56f5c68c22d5bb18dc9e69e3b4f091c4afa738c352ac2b7f05836f1044380ecd9fd6928dc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\FndException.dll
Filesize
112KB

MD5
067de09d4b2933fd66a9d74a6d3f1aee

SHA1
2899659a32422da64e8dfc60817ead996c61e59a

SHA256
dddeb18487194ac2d2d1e5e591978b4d9f6d734d58bfc645e0bdad75ddcf6509

SHA512
98875eed15ddbd36ed3c176b4b99d59311c7010d70d9a3db9bb63e56f5c68c22d5bb18dc9e69e3b4f091c4afa738c352ac2b7f05836f1044380ecd9fd6928dc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\FndException.dll
Filesize
112KB

MD5
067de09d4b2933fd66a9d74a6d3f1aee

SHA1
2899659a32422da64e8dfc60817ead996c61e59a

SHA256
dddeb18487194ac2d2d1e5e591978b4d9f6d734d58bfc645e0bdad75ddcf6509

SHA512
98875eed15ddbd36ed3c176b4b99d59311c7010d70d9a3db9bb63e56f5c68c22d5bb18dc9e69e3b4f091c4afa738c352ac2b7f05836f1044380ecd9fd6928dc2

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\FndFilesystem.dll
Filesize
261KB

MD5
5638f68acc7cafcad1c5eaffce5d90ee

SHA1
ea7c5d1a6c5a77a6a7bb3513d93a3fab18008520

SHA256
3a35dcc3853676772e311b958caf07f91cbcae7aa7e167884ad4f4f498ae2cfd

SHA512
14647953063eaf76cf1e76e27565862bb71a8c76e696b95ec86e51acb05f3beb871c1afad991c74e0e8b82d8525be6998bf76c776cfa78ee2aa0286698c19b0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\FndFilesystem.dll
Filesize
261KB

MD5
5638f68acc7cafcad1c5eaffce5d90ee

SHA1
ea7c5d1a6c5a77a6a7bb3513d93a3fab18008520

SHA256
3a35dcc3853676772e311b958caf07f91cbcae7aa7e167884ad4f4f498ae2cfd

SHA512
14647953063eaf76cf1e76e27565862bb71a8c76e696b95ec86e51acb05f3beb871c1afad991c74e0e8b82d8525be6998bf76c776cfa78ee2aa0286698c19b0d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\FndHash.dll
Filesize
88KB

MD5
36e7f422036ce0af573e47f17fba2284

SHA1
de7078428b03e0fb0d60dc1b51568c5b9981c0f4

SHA256
645391f0a7f6e3474d9ee4eedc09fdd291bf2510f7aad7324a0c0ddbe748153d

SHA512
7a8cff98cf1ece0bd9430bd597a956c749c550dd602ade957c8d3a011f10fc94db914bf7a7f74b05b0b352e7489b2c3fc40c2e6bdcd859f74aa2f09ac7ebe691

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\FndHash.dll
Filesize
88KB

MD5
36e7f422036ce0af573e47f17fba2284

SHA1
de7078428b03e0fb0d60dc1b51568c5b9981c0f4

SHA256
645391f0a7f6e3474d9ee4eedc09fdd291bf2510f7aad7324a0c0ddbe748153d

SHA512
7a8cff98cf1ece0bd9430bd597a956c749c550dd602ade957c8d3a011f10fc94db914bf7a7f74b05b0b352e7489b2c3fc40c2e6bdcd859f74aa2f09ac7ebe691

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\FndOS.dll
Filesize
178KB

MD5
b0e0286629af4336853b3d66be20c9e1

SHA1
e78684e773ea800eeb9203820382ed0137077649

SHA256
8a06d8aa6c9f927735b24a9927e6315867e9bf9a90a06abb6e1a109043c4fedf

SHA512
0af9dd476a9ab33a3c5a2e95489015304b44f5938c74aa8cdddbaab664ff5aa303892ece25f086104c53604272390d1dc84474165fdaa6863d996154449038b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\FndOS.dll
Filesize
178KB

MD5
b0e0286629af4336853b3d66be20c9e1

SHA1
e78684e773ea800eeb9203820382ed0137077649

SHA256
8a06d8aa6c9f927735b24a9927e6315867e9bf9a90a06abb6e1a109043c4fedf

SHA512
0af9dd476a9ab33a3c5a2e95489015304b44f5938c74aa8cdddbaab664ff5aa303892ece25f086104c53604272390d1dc84474165fdaa6863d996154449038b5

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\FndPointer.dll
Filesize
25KB

MD5
69926b244ee491952a770cafd3a7d114

SHA1
8eee2c704a1167d28fe8c895d99408dfe8e5f639

SHA256
1fdac480d2517c6b92960ad0e016a13872b7903fd94012036f6dc5c1202f29a8

SHA512
98bb10fdf3ff00013134eb0ff18e17dd91b7f69aa62350da69baa29cb3d378134b92baea9ace2308f86dfe0be0dfb429ee56c7a568f963be9e4fcfaab9c6b86e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\FndPointer.dll
Filesize
25KB

MD5
69926b244ee491952a770cafd3a7d114

SHA1
8eee2c704a1167d28fe8c895d99408dfe8e5f639

SHA256
1fdac480d2517c6b92960ad0e016a13872b7903fd94012036f6dc5c1202f29a8

SHA512
98bb10fdf3ff00013134eb0ff18e17dd91b7f69aa62350da69baa29cb3d378134b92baea9ace2308f86dfe0be0dfb429ee56c7a568f963be9e4fcfaab9c6b86e

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\FndString.dll
Filesize
44KB

MD5
4c4658bfe43229134aba7c476da5e0cf

SHA1
de537933c23c0417e560f4f4a83ef9fcaaee5f37

SHA256
b1ba4cc11c018b8021c29317a75e598248213f417ac4e447c6f93995c830ef57

SHA512
00b7f4dcbaae16882f21ad9b29ca4e0b9177383aa3bf7ebbd8bba813b18fa948d311ef51d56fe5a39a94153ebe623908fd30904d799299473c28895c3bc295cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\FndString.dll
Filesize
44KB

MD5
4c4658bfe43229134aba7c476da5e0cf

SHA1
de537933c23c0417e560f4f4a83ef9fcaaee5f37

SHA256
b1ba4cc11c018b8021c29317a75e598248213f417ac4e447c6f93995c830ef57

SHA512
00b7f4dcbaae16882f21ad9b29ca4e0b9177383aa3bf7ebbd8bba813b18fa948d311ef51d56fe5a39a94153ebe623908fd30904d799299473c28895c3bc295cd

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\FndVersion.dll
Filesize
67KB

MD5
d1e7062775a3b95a43a0bf639e9ca98e

SHA1
6f00a58d62cfa2b629ddfe75c464799e1e4091db

SHA256
6d259489dbd954ee58cd4e57c0d9a02338fff423f7c068e5e9a5585840a558b5

SHA512
5c55bcd767b462e46dc7afa05fd796c1cd022e54c77319774eb97a82124e9723915b0af8950dfd1c5f3d237f630c0df8c145629196612914df75c18d0e53d0ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\FndVersion.dll
Filesize
67KB

MD5
d1e7062775a3b95a43a0bf639e9ca98e

SHA1
6f00a58d62cfa2b629ddfe75c464799e1e4091db

SHA256
6d259489dbd954ee58cd4e57c0d9a02338fff423f7c068e5e9a5585840a558b5

SHA512
5c55bcd767b462e46dc7afa05fd796c1cd022e54c77319774eb97a82124e9723915b0af8950dfd1c5f3d237f630c0df8c145629196612914df75c18d0e53d0ac

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\GeneralMovaviTrackerWrapper.dll
Filesize
79KB

MD5
8db7ac3d20264cb4637d9fcf6d8e254e

SHA1
11af927fc1e453b3f83e14a2d2c50a2001f6957d

SHA256
5927af85dcf9639f8dbd3bdbec3c3f0d42888595326f7835d71bc7e150bf3385

SHA512
a66a3c5e4f62d2d1cfbb411a6ca1b0a5c9109052d6377b847314b332f4cae2896ea58e39275e9fb7323db6843cb8ae5a898cf5bed1138553415c7c452537dc81

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\GeneralMovaviTrackerWrapper.dll
Filesize
79KB

MD5
8db7ac3d20264cb4637d9fcf6d8e254e

SHA1
11af927fc1e453b3f83e14a2d2c50a2001f6957d

SHA256
5927af85dcf9639f8dbd3bdbec3c3f0d42888595326f7835d71bc7e150bf3385

SHA512
a66a3c5e4f62d2d1cfbb411a6ca1b0a5c9109052d6377b847314b332f4cae2896ea58e39275e9fb7323db6843cb8ae5a898cf5bed1138553415c7c452537dc81

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\InstallerGUI.exe
Filesize
1.1MB

MD5
9d36fafb8a367e89c58b7a5f2f629352

SHA1
b9b9a48cb9346a8b847b6da7e983b1dcd318c38d

SHA256
d930e724628c447ce71f0b725f7b451563c8402bc76faca42ef9d48ce708e76d

SHA512
2b840e9bb0489737572106addb5f3d16c2d97a80722774773c29b9b90699c8718de181a8649e6993ffbb04883215887bad07e5b286b4cfa63a8f2a1fc7e9b96d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\InstallerGUI.exe
Filesize
1.1MB

MD5
9d36fafb8a367e89c58b7a5f2f629352

SHA1
b9b9a48cb9346a8b847b6da7e983b1dcd318c38d

SHA256
d930e724628c447ce71f0b725f7b451563c8402bc76faca42ef9d48ce708e76d

SHA512
2b840e9bb0489737572106addb5f3d16c2d97a80722774773c29b9b90699c8718de181a8649e6993ffbb04883215887bad07e5b286b4cfa63a8f2a1fc7e9b96d

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\InstallerLib.dll
Filesize
4.3MB

MD5
d1758992de4fcabf44cbfe039aac633e

SHA1
c6ced6f19678527a114dca346331708a5a469f2d

SHA256
45b7b8830a93cdb60c8754547cee8567b4850b2e86c4e6b5a301eaa7b2bfb181

SHA512
2234972c7111d1880321389f1dae003710d8ee08f62ea1ef7415bdf519263e7e9532a877a206d97a99f15e10fd1304320f3fe42dbd6edb49890ed26e00701868

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\InstallerLib.dll
Filesize
4.3MB

MD5
d1758992de4fcabf44cbfe039aac633e

SHA1
c6ced6f19678527a114dca346331708a5a469f2d

SHA256
45b7b8830a93cdb60c8754547cee8567b4850b2e86c4e6b5a301eaa7b2bfb181

SHA512
2234972c7111d1880321389f1dae003710d8ee08f62ea1ef7415bdf519263e7e9532a877a206d97a99f15e10fd1304320f3fe42dbd6edb49890ed26e00701868

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\MQtDownloadManager.dll
Filesize
141KB

MD5
53da25a48281dbe3dd16f7c68296fb69

SHA1
4bcd91a5ddd50f731907e09a56248dd991810c80

SHA256
e4b562c570f3a3a832b50a74eae80553e39534af4bc74ffefce24734fbde9551

SHA512
29055742c4149cfe0f09260abfad1cf0e163dd1c41070ea46a0735e262f4299d3eb2e596798791b8e6115f8e84728298e36d724ea39941a034b82e6c5bd546f7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\MQtUtil.dll
Filesize
534KB

MD5
4205c5e2696b4f3ebc28a7de208232d0

SHA1
50d74ecb7c357210ac1cc29d8e24313f400b6bf1

SHA256
136d900738303160e8e1ebb28b9c775ad9c7bbba0700b65eecbc441bbaebd173

SHA512
1a78bc3f014bcc2a10112b404f39c9777c9c4414d21167cf621058c442e04a5d582c3dc4193fded01dea5cd6daf1370a10213f2f8915b67d8fd186a903e3ac45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\MQtUtil.dll
Filesize
534KB

MD5
4205c5e2696b4f3ebc28a7de208232d0

SHA1
50d74ecb7c357210ac1cc29d8e24313f400b6bf1

SHA256
136d900738303160e8e1ebb28b9c775ad9c7bbba0700b65eecbc441bbaebd173

SHA512
1a78bc3f014bcc2a10112b404f39c9777c9c4414d21167cf621058c442e04a5d582c3dc4193fded01dea5cd6daf1370a10213f2f8915b67d8fd186a903e3ac45

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\MSVCP140.dll
Filesize
552KB

MD5
29c6c243cfb1cec96b4a1008274f9600

SHA1
c54b10ef6305cc3814c68e6c8fd6daecbb27622a

SHA256
44a5af24f8d5f9c50a9e5a200a0486100afb6a0e86377e2e3e622a7bbb57cb04

SHA512
39c34554ea7b6d433c2aecfdeff87959e625e943bf7a446ebca8e5878eaf24198c1b188359a0343fb78478f2bc8b986ca4d0e69d39bac6ff80cb901fe4f113ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\MovaviWidget.dll
Filesize
441KB

MD5
32c1afb26ed98aeb357b95167d838865

SHA1
131d79e18c66651868aac04bfe909b7a771db79a

SHA256
70ffdab597e2ae2fdf847bc18681cf0ab328f149e7776de1f57442efeb33e00d

SHA512
68385ea9e4634899dd9812c7246b28586eb439efde5e440b6e0a4716c973bb43ef2360960f2d9455ddb11b9e605c5292744401889faff1fe17c1e7356342096b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\MovaviWidget.dll
Filesize
441KB

MD5
32c1afb26ed98aeb357b95167d838865

SHA1
131d79e18c66651868aac04bfe909b7a771db79a

SHA256
70ffdab597e2ae2fdf847bc18681cf0ab328f149e7776de1f57442efeb33e00d

SHA512
68385ea9e4634899dd9812c7246b28586eb439efde5e440b6e0a4716c973bb43ef2360960f2d9455ddb11b9e605c5292744401889faff1fe17c1e7356342096b

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\PluginCheckFun.dll
Filesize
96KB

MD5
1fe00247bb5d0016192246ef1ff2c816

SHA1
ca047b959e3483e7c1bb38703191b16ebb6ab03b

SHA256
f63bbd0470314e3d4a19a5fec39045e5779c0b2ed0a73e2b73c06cb1c916b53f

SHA512
006676dac0a9e02b3ec9779929a47a960f5a9d33d7a0334ac6ebba3f7c48d3e6d10c93f53a01f5c83a19f2d5f4a227ee1eb309932720e01f56683d14d301d75a

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\Qt5Core.dll
Filesize
5.8MB

MD5
d8d89690855f48497c7a5171e3b35cd8

SHA1
db09ed59c226ce00d98e17ce8d67ec5ae65882d6

SHA256
fbf17da60876db492b0dd35d7117a171e780800d85d4d6653738bef7d70333b3

SHA512
7b86061cf9770cf3d0dbfd284f4e396645b71a3d2759507eff4e7dc2ace577aa46ddb216c8469ad034e5332f19dc98abb5214283a430a323398210a1fa908ce7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\Qt5Core.dll
Filesize
5.8MB

MD5
d8d89690855f48497c7a5171e3b35cd8

SHA1
db09ed59c226ce00d98e17ce8d67ec5ae65882d6

SHA256
fbf17da60876db492b0dd35d7117a171e780800d85d4d6653738bef7d70333b3

SHA512
7b86061cf9770cf3d0dbfd284f4e396645b71a3d2759507eff4e7dc2ace577aa46ddb216c8469ad034e5332f19dc98abb5214283a430a323398210a1fa908ce7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\Qt5Gui.dll
Filesize
6.5MB

MD5
2c088f57c08b3aceb1bc37d2728fd603

SHA1
5deb5fcaf7b90c3b9e8c3d0ec22bc394c8143617

SHA256
7ac9fed5e55391a864f8d9eccd747baf0097d60f18ac3cbb6f889b168e3ad4d5

SHA512
e016b651cee05910101913976fcb0aadff43784ccde7b3697c93cded7862f5e11c9ccb915caabaf7145468313734eb63f6a3b739a687ffccc90a1f005e5f53f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\Qt5Gui.dll
Filesize
6.5MB

MD5
2c088f57c08b3aceb1bc37d2728fd603

SHA1
5deb5fcaf7b90c3b9e8c3d0ec22bc394c8143617

SHA256
7ac9fed5e55391a864f8d9eccd747baf0097d60f18ac3cbb6f889b168e3ad4d5

SHA512
e016b651cee05910101913976fcb0aadff43784ccde7b3697c93cded7862f5e11c9ccb915caabaf7145468313734eb63f6a3b739a687ffccc90a1f005e5f53f4

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\Qt5Widgets.dll
Filesize
5.3MB

MD5
9d72caff2f5b5197e624d36f3878c61f

SHA1
23f81afa894b0e77efd45c5ece024459292221e2

SHA256
27ec360c740c9b6e5cc3ab796f5fb844ddada5c847fdf3fb00f2abacc2313473

SHA512
e18c2ce361f68ee6b50062ec627b7cadf483b955251e72e374ab945fdc1448e25f8e802c0b27dec003e2ca38d863c4c3623ba1d5015496ec2a495b44ce9d6aa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\Qt5Widgets.dll
Filesize
5.3MB

MD5
9d72caff2f5b5197e624d36f3878c61f

SHA1
23f81afa894b0e77efd45c5ece024459292221e2

SHA256
27ec360c740c9b6e5cc3ab796f5fb844ddada5c847fdf3fb00f2abacc2313473

SHA512
e18c2ce361f68ee6b50062ec627b7cadf483b955251e72e374ab945fdc1448e25f8e802c0b27dec003e2ca38d863c4c3623ba1d5015496ec2a495b44ce9d6aa9

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\Tracker.dll
Filesize
39KB

MD5
76fa5f67747c14f5acab02657bc4afd1

SHA1
cdf493e8283ce42369e0663c4699006152c5b2e7

SHA256
60afaea2107997b90fc488d3c9f5534598690768313b8bc2965079bcba756a55

SHA512
9ed75563e47299354814eafce09e4d501899b2e6eb9c3653ae5aa40dd9f6bf8f5ded555b6a214c7d6b79110a8f516a7366c202598d23c8afee899ce9793b74a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\Tracker.dll
Filesize
39KB

MD5
76fa5f67747c14f5acab02657bc4afd1

SHA1
cdf493e8283ce42369e0663c4699006152c5b2e7

SHA256
60afaea2107997b90fc488d3c9f5534598690768313b8bc2965079bcba756a55

SHA512
9ed75563e47299354814eafce09e4d501899b2e6eb9c3653ae5aa40dd9f6bf8f5ded555b6a214c7d6b79110a8f516a7366c202598d23c8afee899ce9793b74a7

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\TrackerFactory.dll
Filesize
117KB

MD5
fb89d641c8e8ffebc4356bdd7a2025cf

SHA1
8d2bd712e59693cb039612c156aeb535af2ba3ca

SHA256
f23d1f488339472c9f99af8f9c93f6579939cbce8c24e4ab541cc26fc4a0df4e

SHA512
20bc04aa4cf6024a4fd71fc76572f00d092ebecfc8bf8ebf542253cbd5a74c17ef6f235987a2097ef9ceeda874d3b76c696c208a77895a702f1170a038aed882

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\TrackerFactory.dll
Filesize
117KB

MD5
fb89d641c8e8ffebc4356bdd7a2025cf

SHA1
8d2bd712e59693cb039612c156aeb535af2ba3ca

SHA256
f23d1f488339472c9f99af8f9c93f6579939cbce8c24e4ab541cc26fc4a0df4e

SHA512
20bc04aa4cf6024a4fd71fc76572f00d092ebecfc8bf8ebf542253cbd5a74c17ef6f235987a2097ef9ceeda874d3b76c696c208a77895a702f1170a038aed882

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\VCRUNTIME140.dll
Filesize
94KB

MD5
02794a29811ba0a78e9687a0010c37ce

SHA1
97b5701d18bd5e25537851614099e2ffce25d6d8

SHA256
1729421a22585823493d5a125cd43a470889b952a2422f48a7bc8193f5c23b0f

SHA512
caf2a478e9c78c8e93dd2288ed98a9261fcf2b7e807df84f2e4d76f8130c2e503eb2470c947a678ac63e59d7d54f74e80e743d635428aa874ec2d06df68d0272

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\VCRUNTIME140_1.dll
Filesize
36KB

MD5
d8d1a08176ba2542c58669c1c04da1b7

SHA1
e0d0059baf23fb5e1d2dadedc12e2f53c930256d

SHA256
26c29d01df73a8e35d32e430c892d925abb6e4ad62d3630ae42b69daacba1a0d

SHA512
5308790fbcf6348e87e7d5b9235ed66942527326f7ba556c910d68d94617bdd247a4ed540b4b9f8d4e73d15cf4a7204c0a57d4fd348ec26e53f39b91be8617fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\boost_filesystem-mt-x64.dll
Filesize
124KB

MD5
f1f8544abaae47b61cbbb5c8ba4bdcbd

SHA1
8ff7de499f3bf503be60851262fba516152d6bba

SHA256
57731503db5a05f1dff01b00c983ff5b00c6bd228f8615301afaeeef83437f08

SHA512
13a3a4cb288c485750fcf5c6c033511547b44cc705ca42e16bf4c554e6c104313eaaf78eb6fbf42e356656d8b103aadcc8e08f7593166c85f4a2ecc792493207

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\boost_filesystem-mt-x64.dll
Filesize
124KB

MD5
f1f8544abaae47b61cbbb5c8ba4bdcbd

SHA1
8ff7de499f3bf503be60851262fba516152d6bba

SHA256
57731503db5a05f1dff01b00c983ff5b00c6bd228f8615301afaeeef83437f08

SHA512
13a3a4cb288c485750fcf5c6c033511547b44cc705ca42e16bf4c554e6c104313eaaf78eb6fbf42e356656d8b103aadcc8e08f7593166c85f4a2ecc792493207

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\glog.dll
Filesize
114KB

MD5
4f255c84763533758bbaaa44bfa3ab65

SHA1
c59e416aee8573ce29f4df713b239e85938d5de0

SHA256
cd2cbd578f37b834fb5c3567711d790643ec1b78aa701b4dc2966d6a72e2a4a2

SHA512
bb68f5a7fbf2151d1ae65871123bf9abd33ea682d475e607f19034eb0da0338d83d45c6bc4604385fcd4164cda0fbea538044cdf2f8fce37b62ed204c056cd33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\glog.dll
Filesize
114KB

MD5
4f255c84763533758bbaaa44bfa3ab65

SHA1
c59e416aee8573ce29f4df713b239e85938d5de0

SHA256
cd2cbd578f37b834fb5c3567711d790643ec1b78aa701b4dc2966d6a72e2a4a2

SHA512
bb68f5a7fbf2151d1ae65871123bf9abd33ea682d475e607f19034eb0da0338d83d45c6bc4604385fcd4164cda0fbea538044cdf2f8fce37b62ed204c056cd33

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\msvcp140.dll
Filesize
552KB

MD5
29c6c243cfb1cec96b4a1008274f9600

SHA1
c54b10ef6305cc3814c68e6c8fd6daecbb27622a

SHA256
44a5af24f8d5f9c50a9e5a200a0486100afb6a0e86377e2e3e622a7bbb57cb04

SHA512
39c34554ea7b6d433c2aecfdeff87959e625e943bf7a446ebca8e5878eaf24198c1b188359a0343fb78478f2bc8b986ca4d0e69d39bac6ff80cb901fe4f113ee

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\vcruntime140.dll
Filesize
94KB

MD5
02794a29811ba0a78e9687a0010c37ce

SHA1
97b5701d18bd5e25537851614099e2ffce25d6d8

SHA256
1729421a22585823493d5a125cd43a470889b952a2422f48a7bc8193f5c23b0f

SHA512
caf2a478e9c78c8e93dd2288ed98a9261fcf2b7e807df84f2e4d76f8130c2e503eb2470c947a678ac63e59d7d54f74e80e743d635428aa874ec2d06df68d0272

Download Submit
C:\Users\Admin\AppData\Local\Temp\Movavi-installer-10f79263-3ace-4996-bd2c-f02a598a674e\vcruntime140_1.dll
Filesize
36KB

MD5
d8d1a08176ba2542c58669c1c04da1b7

SHA1
e0d0059baf23fb5e1d2dadedc12e2f53c930256d

SHA256
26c29d01df73a8e35d32e430c892d925abb6e4ad62d3630ae42b69daacba1a0d

SHA512
5308790fbcf6348e87e7d5b9235ed66942527326f7ba556c910d68d94617bdd247a4ed540b4b9f8d4e73d15cf4a7204c0a57d4fd348ec26e53f39b91be8617fb

Download Submit
C:\Users\Admin\AppData\Local\Temp\MovaviWebInstaller-970024429\1824239629_Wa7t1ba_.exe
Filesize
90.1MB

MD5
5df245fde4e3f391c971eef69cd5b81a

SHA1
d850c5d0b1426b20016e43cc1260f8dc453daf40

SHA256
e0ab15ac2da2fb2fdbe3f2c47179453665aa2dd0ec0bfe47654a0cc9ed9cabc8

SHA512
bbd0f1296e21b6ba4c06b6699c386e63a4d74d3f2a00daec4d93cfe17c9838b81c955141610e2286700b79c963ac0daf3b54b00216e414bbc56fc2bdd0739d91

Download Submit
C:\Users\Admin\AppData\Local\Temp\MovaviWebInstaller-970024429\1824239629_Wa7t1ba_.exe
Filesize
90.1MB

MD5
5df245fde4e3f391c971eef69cd5b81a

SHA1
d850c5d0b1426b20016e43cc1260f8dc453daf40

SHA256
e0ab15ac2da2fb2fdbe3f2c47179453665aa2dd0ec0bfe47654a0cc9ed9cabc8

SHA512
bbd0f1296e21b6ba4c06b6699c386e63a4d74d3f2a00daec4d93cfe17c9838b81c955141610e2286700b79c963ac0daf3b54b00216e414bbc56fc2bdd0739d91

Download Submit
C:\Users\Admin\AppData\Roaming\Movavi Video Editor 23\MovaviStatistics.exe
Filesize
50KB

MD5
56d01c79e6d8d208a1651bca4dda8560

SHA1
785ba69adfad24c4a565fb3f640961d396681202

SHA256
5fd3ba7fd176b2bfa4b14f5d53718bacb67ef20b7b0deeb6328f0de3a56a53df

SHA512
03e0c09ec88dc9f87e852caf780e8c2e69e3110fbe55887e8d6f0b23a3263f6d462fd3c94a918ad60c71818ba4e27e5d65fe3ba122d0d3c5fd591322a75b158b

Download Submit
C:\Users\Admin\AppData\Roaming\Movavi Video Editor 23\VideoEditor.exe
Filesize
7.3MB

MD5
a2dc38d5e9df8c6e30de9def55dd0061

SHA1
dcab779f6850c072fd44bbcb9ef0a6c918def695

SHA256
50f9e5079427838e24e416181e307f4eeb43e602d2eaa5eea97f764952fd4410

SHA512
5ffa72c06b5d3febab1841c5731f3072d107f74c36a8af558fe3c062c0241e59a8ffa310996319374ccda31c1ed24fc4b87ce1b2f3558e3ad6862acdf1e6d0ba

Download Submit
C:\Users\Admin\AppData\Roaming\Movavi Video Editor 23\resources\samples\stock\animations\All\05__Downward\meta.json
Filesize
57B

MD5
397860e39114807636143cf9cded92d0

SHA1
105b7f704618fff593c5a0cdd3195496ff8dd770

SHA256
4e1bffe7ba9fc5997d2772351ed5fc876bbb9082876867668ac2f3374fe0a967

SHA512
add114e352c8b98bbf0f404cbdaad92495ad149c91d64b3b4139a8a99e7d502ccbdb1e63d9b0146b6ab298c6ce3a5ceadf47785c75c197d7977a023bb50d8961

Download Submit
C:\Users\Admin\AppData\Roaming\Movavi Video Editor 23\resources\samples\stock\imports\Audio\Audio_Beep_set\images\preview.png
Filesize
5KB

MD5
2be0449cb69305f3d7108801d75220e8

SHA1
a00d24ed4f86a990d608aaee0aab41b052ca3faa

SHA256
0e3e825d4ad89330bdf051defaadc3fb1401bab8af64337b05a8802542718f2e

SHA512
97f40c818dad8013995e8267604ab65990bd34150ce44b63318f7491665fd28e24869722eaa90b3d6b2d46269b9a3bb1a8020674f35d25631520771f5ec05919

Download Submit
C:\Users\Admin\AppData\Roaming\Movavi Video Editor 23\resources\samples\stock\packages\Content\RemotePackages\MESStockNewEffects2020\effects\all\{bbed1f60-10d7-4b68-a9e9-4c808f3b4fee}\version.xml
Filesize
111B

MD5
ee967846b96120d073ae5e8322a23b3e

SHA1
79d2551e78f09fcfbe3768bb785baca08d994bb6

SHA256
3d8f290b1548b462c6ea73f1d075abc84ea951641e237e853f639268318c5e03

SHA512
89b215294f0c498492d82c5a9fc62e30eac65299a760c9b73fcd693975eec1aab373b2d25e1fe75289d41620135c204beb605eb0726e2f3554fd7b35f924b162

Download Submit
C:\Users\Admin\AppData\Roaming\Movavi Video Editor 23\resources\samples\stock\packages\Content\RemotePackages\MESStockThemesPack\imports\all\{475708e8-6e49-416f-b2e8-c08c5fd663da}\version.xml
Filesize
111B

MD5
f4e01c472f397751b00783072ee3d41b

SHA1
7bbb4c67cdb42bc4ab9011c51ea5307dce46138e

SHA256
2fd01c6dc5ddb425d4c2e2a2c40f46cff667e2768385dbbae4d622dfe509a5f0

SHA512
c63f1fe50d01b9171ce107262ab5e03db8e3b7ee922e48c21404d33b59f7b8893493bf39e35c4e4e2c99550f4e22510488b5e2b75f7d20f64372a436fb925d50

Download Submit
C:\Users\Admin\AppData\Roaming\Movavi Video Editor 23\resources\samples\stock\packages\Content\RemotePackages\MESStockThemesPack\resources\randomTheme\theme\version.xml
Filesize
111B

MD5
40b03fd39ce75a817795881d9bb408db

SHA1
7a32668c8d74d470a16e5dd6bd53a85bd68d53e0

SHA256
769cadc93b30fc0a019d7e6ae27f4191bfcd03d2dc05029303971183f3b55d23

SHA512
8f9d027a765b2e7d00f74e35b1f97ae4df19db4d0b56da7c7213ac594ae9def7100aab74e86ce8dd92a3d13ee7d8f4069c891da4e9ff3ea650383c2a040f0803

Download Submit
C:\Users\Admin\AppData\Roaming\Movavi Video Editor 23\resources\samples\stock\packages\Content\RemotePackages\MESStockTransitionsWithAudio\Transitions\all\{98e9e41e-3a7d-499e-84b9-8d264b0fab94}\version.xml
Filesize
112B

MD5
5a92f85207732f261e8c9780ee31d4f1

SHA1
62735ffceaceee0f5662ab56c534401f95cabb78

SHA256
18f339c06a84c2075b9de5610233f1775e999fc4f56856e123f02e23c6bf54fd

SHA512
8877bc84ba928e98e103c5d7e24f885b9ba2639119b959b26e9a812061f706875577bd467b9e720c998999a65d81908b87ff93f864bb09652afbc7258b785447

Download Submit
C:\Users\Admin\AppData\Roaming\Movavi Video Editor 23\resources\samples\stock\packages\Content\RemotePackages\MESStockWhooshTransitions\transitions\all\{1c3ea148-67bc-4ebf-a4c2-9386a130026c}\version.xml
Filesize
108B

MD5
5eef0966fad2031510ea22c37c06cf16

SHA1
0bb95bc1d28700e13547e4b58d3861a7b2a5e8cf

SHA256
3f8def7c6ee86d81011715cd98fc70d1fdb36dd9cfcbec117f0237bcea211c67

SHA512
a91cf3b139c781e10d6ea674c27e3f0b72831d2e62ba0f6c092c1b144ba2ac49b925f3cb8b548d5b14ec5068ef2a6e29d2fb65cca7c5950c3fa7e371af32dec8

Download Submit
C:\Users\Admin\AppData\Roaming\Movavi Video Editor 23\uninst.exe
Filesize
1.1MB

MD5
9d36fafb8a367e89c58b7a5f2f629352

SHA1
b9b9a48cb9346a8b847b6da7e983b1dcd318c38d

SHA256
d930e724628c447ce71f0b725f7b451563c8402bc76faca42ef9d48ce708e76d

SHA512
2b840e9bb0489737572106addb5f3d16c2d97a80722774773c29b9b90699c8718de181a8649e6993ffbb04883215887bad07e5b286b4cfa63a8f2a1fc7e9b96d

Download Submit
memory/756-5191-0x000001880B4E0000-0x000001880B4F0000-memory.dmp

Filesize
64KB

Download
memory/1004-2421-0x0000000064940000-0x0000000064955000-memory.dmp

Filesize
84KB

Download
memory/1004-2687-0x00007FF9C59D0000-0x00007FF9C5A00000-memory.dmp

Filesize
192KB

Download
memory/1004-1974-0x00007FF9BFCF0000-0x00007FF9C24C1000-memory.dmp

Filesize
39.8MB

Download
memory/1004-2168-0x00007FF9C73F0000-0x00007FF9C762D000-memory.dmp

Filesize
2.2MB

Download
memory/1004-2646-0x0000000068DC0000-0x00000000690B1000-memory.dmp

Filesize
2.9MB

Download
memory/1004-2531-0x0000027EFF070000-0x0000027EFF083000-memory.dmp

Filesize
76KB

Download
memory/1004-2480-0x000000006FC40000-0x000000006FDA5000-memory.dmp

Filesize
1.4MB

Download
memory/1004-2367-0x0000000061440000-0x000000006145A000-memory.dmp

Filesize
104KB

Download
memory/1004-2342-0x00007FF9C67E0000-0x00007FF9C6875000-memory.dmp

Filesize
596KB

Download
memory/1004-2236-0x00007FF9C6B20000-0x00007FF9C6B48000-memory.dmp

Filesize
160KB

Download
memory/1004-1703-0x00007FF9C9A90000-0x00007FF9C9FDA000-memory.dmp

Filesize
5.3MB

Download
memory/1004-2181-0x00007FF9C6B50000-0x00007FF9C6BE2000-memory.dmp

Filesize
584KB

Download
memory/1004-2580-0x00007FF9C5A00000-0x00007FF9C5C8D000-memory.dmp

Filesize
2.6MB

Download
memory/1340-5389-0x0000019EFDC80000-0x0000019EFDC90000-memory.dmp

Filesize
64KB

Download
memory/1340-5400-0x00007FF9BD810000-0x00007FF9BDDCB000-memory.dmp

Filesize
5.7MB

Download
memory/1340-5398-0x00007FF9BDE60000-0x00007FF9BE41B000-memory.dmp

Filesize
5.7MB

Download
memory/1656-5449-0x00007FF9BD810000-0x00007FF9BDDCB000-memory.dmp

Filesize
5.7MB

Download
memory/1656-5476-0x00007FF9BD810000-0x00007FF9BDDCB000-memory.dmp

Filesize
5.7MB

Download
memory/1656-5448-0x000002766F0D0000-0x000002766F0E0000-memory.dmp

Filesize
64KB

Download
memory/1656-5502-0x00007FF9BD810000-0x00007FF9BDDCB000-memory.dmp

Filesize
5.7MB

Download
memory/1656-5501-0x000002766F0D0000-0x000002766F0E0000-memory.dmp

Filesize
64KB

Download
memory/1968-5549-0x00007FF9BD520000-0x00007FF9BDADB000-memory.dmp

Filesize
5.7MB

Download
memory/1968-5537-0x000001CBB91A0000-0x000001CBB91B0000-memory.dmp

Filesize
64KB

Download
memory/1968-5538-0x00007FF9BD520000-0x00007FF9BDADB000-memory.dmp

Filesize
5.7MB

Download
memory/2592-4730-0x000002AFF6B70000-0x000002AFF6B80000-memory.dmp

Filesize
64KB

Download
memory/2796-5275-0x0000022468DF0000-0x0000022468DF1000-memory.dmp

Filesize
4KB

Download
memory/2796-5273-0x0000022468DF0000-0x0000022468E00000-memory.dmp

Filesize
64KB

Download
memory/3016-745-0x00007FF9C5E70000-0x00007FF9C642B000-memory.dmp

Filesize
5.7MB

Download
memory/3016-704-0x00007FF9C67E0000-0x00007FF9C6875000-memory.dmp

Filesize
596KB

Download
memory/3016-478-0x00007FF9C9A90000-0x00007FF9C9FDA000-memory.dmp

Filesize
5.3MB

Download
memory/3016-479-0x00007FF9C6FF0000-0x00007FF9C73ED000-memory.dmp

Filesize
4.0MB

Download
memory/3016-503-0x00007FF9C73F0000-0x00007FF9C762D000-memory.dmp

Filesize
2.2MB

Download
memory/3016-5182-0x00000218CA450000-0x00000218CA460000-memory.dmp

Filesize
64KB

Download
memory/3016-506-0x0000000064940000-0x0000000064955000-memory.dmp

Filesize
84KB

Download
memory/3016-510-0x00007FF9BFCF0000-0x00007FF9C24C1000-memory.dmp

Filesize
39.8MB

Download
memory/3016-634-0x000000006FC40000-0x000000006FDA5000-memory.dmp

Filesize
1.4MB

Download
memory/3016-628-0x0000000061440000-0x000000006145A000-memory.dmp

Filesize
104KB

Download
memory/3016-667-0x00000218C54D0000-0x00000218C556C000-memory.dmp

Filesize
624KB

Download
memory/3016-679-0x00007FF9C6B20000-0x00007FF9C6B48000-memory.dmp

Filesize
160KB

Download
memory/3016-781-0x00000218C5810000-0x00000218C5820000-memory.dmp

Filesize
64KB

Download
memory/3016-773-0x00007FF9C5FF0000-0x00007FF9C65AB000-memory.dmp

Filesize
5.7MB

Download
memory/3016-675-0x00007FF9C6B50000-0x00007FF9C6BE2000-memory.dmp

Filesize
584KB

Download
memory/3016-722-0x0000000068DC0000-0x00000000690B1000-memory.dmp

Filesize
2.9MB

Download
memory/3156-512-0x00007FF9C9A90000-0x00007FF9C9FDA000-memory.dmp

Filesize
5.3MB

Download
memory/3748-5271-0x000002DCCB990000-0x000002DCCB9A0000-memory.dmp

Filesize
64KB

Download
memory/3944-2735-0x00007FF9C9A90000-0x00007FF9C9FDA000-memory.dmp

Filesize
5.3MB

Download
memory/3968-5248-0x000001A0A8930000-0x000001A0A8940000-memory.dmp

Filesize
64KB

Download
memory/4140-5361-0x000001B0BF3C0000-0x000001B0BF3D0000-memory.dmp

Filesize
64KB

Download
memory/4248-4465-0x00007FF9C73F0000-0x00007FF9C762D000-memory.dmp

Filesize
2.2MB

Download
memory/4248-4466-0x00007FF9C6B50000-0x00007FF9C6BE2000-memory.dmp

Filesize
584KB

Download
memory/4248-4464-0x00007FF9BFCF0000-0x00007FF9C24C1000-memory.dmp

Filesize
39.8MB

Download
memory/4248-3933-0x00007FF9C9A90000-0x00007FF9C9FDA000-memory.dmp

Filesize
5.3MB

Download
memory/4300-3931-0x000000006FC40000-0x000000006FDA5000-memory.dmp

Filesize
1.4MB

Download
memory/4300-3796-0x00007FF9C6B20000-0x00007FF9C6B48000-memory.dmp

Filesize
160KB

Download
memory/4300-3426-0x00007FF9C9A90000-0x00007FF9C9FDA000-memory.dmp

Filesize
5.3MB

Download
memory/4300-3443-0x00007FF9BFCF0000-0x00007FF9C24C1000-memory.dmp

Filesize
39.8MB

Download
memory/4300-3733-0x00007FF9C73F0000-0x00007FF9C762D000-memory.dmp

Filesize
2.2MB

Download
memory/4300-3779-0x00007FF9C6B50000-0x00007FF9C6BE2000-memory.dmp

Filesize
584KB

Download
memory/4300-3876-0x0000000061440000-0x000000006145A000-memory.dmp

Filesize
104KB

Download
memory/4300-3911-0x0000000064940000-0x0000000064955000-memory.dmp

Filesize
84KB

Download
memory/4300-3828-0x00007FF9C67E0000-0x00007FF9C6875000-memory.dmp

Filesize
596KB

Download
memory/4300-3932-0x0000026AE3E60000-0x0000026AE3E73000-memory.dmp

Filesize
76KB

Download
memory/4464-507-0x00007FF9C9A90000-0x00007FF9C9FDA000-memory.dmp

Filesize
5.3MB

Download
memory/4464-1425-0x000002AFF6B70000-0x000002AFF6B80000-memory.dmp

Filesize
64KB

Download
memory/4500-804-0x0000017A93350000-0x0000017A93360000-memory.dmp

Filesize
64KB

Download
memory/4500-1155-0x0000017A932E0000-0x0000017A932F3000-memory.dmp

Filesize
76KB

Download
memory/4500-1102-0x0000000064940000-0x0000000064955000-memory.dmp

Filesize
84KB

Download
memory/4500-678-0x00007FF9C9A90000-0x00007FF9C9FDA000-memory.dmp

Filesize
5.3MB

Download
memory/4500-1030-0x00007FF9C67E0000-0x00007FF9C6875000-memory.dmp

Filesize
596KB

Download
memory/4500-806-0x00007FF9BFCF0000-0x00007FF9C24C1000-memory.dmp

Filesize
39.8MB

Download
memory/4500-900-0x00007FF9C73F0000-0x00007FF9C762D000-memory.dmp

Filesize
2.2MB

Download
memory/4500-1152-0x000000006FC40000-0x000000006FDA5000-memory.dmp

Filesize
1.4MB

Download
memory/4500-948-0x00007FF9C6B50000-0x00007FF9C6BE2000-memory.dmp

Filesize
584KB

Download
memory/4500-986-0x00007FF9C6B20000-0x00007FF9C6B48000-memory.dmp

Filesize
160KB

Download
memory/4500-1074-0x0000000061440000-0x000000006145A000-memory.dmp

Filesize
104KB

Download
memory/4568-5192-0x0000029FD2220000-0x0000029FD2230000-memory.dmp

Filesize
64KB

Download
memory/4812-4668-0x000001E01D380000-0x000001E01D390000-memory.dmp

Filesize
64KB

Download
memory/5100-5190-0x000001FF39290000-0x000001FF392A0000-memory.dmp

Filesize
64KB

Download